Authorization ByPass Vulnerability
CVE-2018-1245

9CRITICAL

Key Information:

Vendor: Rsa
Status: Rsa Identity Governance And Lifecycle
Vendor: CVE Published:; 13 July 2018

Summary

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.

Affected Version(s)

RSA Identity Governance and Lifecycle version 7.0.1, all patch levels

RSA Identity Governance and Lifecycle version 7.0.2, all patch levels

RSA Identity Governance and Lifecycle version 7.1.0, all patch levels

References

http://www.securitytracker.com/id/1041287

vdb-entryx_refsource_SECTRACK

http://seclists.org/fulldisclosure/2018/Jul/46

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 13, 2018
Vulnerability Reserved
Dec 6, 2017