CVE-2019-18573 is a vulnerability in Dell Rsa Identity Governance Lifecycle
Published on December 18, 2019
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victims session and perform arbitrary actions with privileges of the user within the compromised session.
Weakness Type
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that requests. The query string can be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.
Products Associated with CVE-2019-18573
Want to know whenever a new CVE is published for Dell Rsa Identity Governance Lifecycle? stack.watch will email you.
Affected Versions
Dell RSA Identity Governance & Lifecycle:- Version unspecified and below 7.1.0 P09, 7.1.1 P03 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.