CVE-2018-1255 — Cross-site Scripting in Identity Governance AND Lifecycle

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 41.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RSA Identity Governance AND Lifecycle EMC RSA Identity Governance AND Lifecycle

Timeline

PublishedJul 13

Latest updateMay 13

Description

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5rsa/rsa_identity_governance_and_lifecycleversion 7.0.1, all patch levels, version 7.0.2, all patch levels, version 7.1.0, all patch levels+2

▶NVDemc/rsa_identity_governance_and_lifecycle7.0.1, 7.0.2, 7.1.0+2

🔴Vulnerability Details

GHSA

GHSA-9qvx-98rw-g873: RSA Identity Lifecycle and Governance versions 7↗2022-05-13

▶

CVEList

Reflected Cross-Site Scripting Vulnerability↗2018-07-13

▶