Improper Authentication in RSA Identity Governance and Lifecycle - CVE-2019-18572

 


Published: December 18, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU34954
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-18572
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: RSA
Affected software:
RSA Identity Governance and Lifecycle

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on the target system.

RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance releases prior to 7.1.1 P03 contain an improper authentication vulnerability (CWE-287). A Java JMX agent running on the remote host is configured with plain-text password authentication, so the credential exchange on the JMX/RMI listener is not protected by TLS. An unauthenticated remote attacker who can reach that listener can connect to the JMX agent and monitor and manage the Java application.
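The weak JMX agent configurations the description refers to, next to a hardened one, with a small audit that flags them from a JVM command line. This is an added example, not code from RSA or from this advisory: the three command lines, the jar name and the file paths are constructed and hypothetical, and the only product-independent facts it relies on are the JDK's documented defaults (when `com.sun.management.jmxremote.port` is set, `authenticate` and `ssl` both default to `true` unless explicitly set to `false`, and an unset `access.file` falls back to the JDK's shipped `jmxremote.access`).

```python
"""Audit a JVM command line for an exposed or weakly protected JMX agent.

Added example, not code from RSA or from this advisory. The command lines
below are constructed samples; app.jar and the /etc/jmx paths are hypothetical.
"""
import shlex
from typing import Dict, List

JMX = "com.sun.management.jmxremote"

# Constructed sample 1: no authentication at all. Anyone who can reach the
# port gets full MBean access.
WEAK_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=9999 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false "
    "-jar app.jar"
)

# Constructed sample 2: password authentication, but over cleartext RMI, so
# the credentials cross the network unencrypted (the pattern described above).
PLAINTEXT_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=9999 "
    "-Dcom.sun.management.jmxremote.authenticate=true "
    "-Dcom.sun.management.jmxremote.ssl=false "
    "-Dcom.sun.management.jmxremote.password.file=/etc/jmx/jmxremote.password "
    "-jar app.jar"
)

# Constructed sample 3: authentication plus TLS with client certificates, and
# an explicit access file defining which role may invoke operations.
HARDENED_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=9999 "
    "-Dcom.sun.management.jmxremote.authenticate=true "
    "-Dcom.sun.management.jmxremote.ssl=true "
    "-Dcom.sun.management.jmxremote.ssl.need.client.auth=true "
    "-Dcom.sun.management.jmxremote.password.file=/etc/jmx/jmxremote.password "
    "-Dcom.sun.management.jmxremote.access.file=/etc/jmx/jmxremote.access "
    "-Djavax.net.ssl.keyStore=/etc/jmx/keystore.p12 "
    "-jar app.jar"
)


def parse_jvm_props(cmdline: str) -> Dict[str, str]:
    """Collect -Dkey=value system properties from a JVM command line.

    A bare -Dkey (no '=') is recorded with an empty value, matching how the
    JVM itself treats it.
    """
    props: Dict[str, str] = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            key, _, value = tok[2:].partition("=")
            props[key] = value
    return props


def audit_jmx(cmdline: str) -> List[str]:
    """Return findings for the JMX remote agent; an empty list means none."""
    props = parse_jvm_props(cmdline)
    findings: List[str] = []

    port = props.get(f"{JMX}.port")
    if port is None:
        # Without .port there is no remote RMI listener to reach over the network.
        return findings

    # JDK defaults: both properties are true unless explicitly set to false.
    authenticate = props.get(f"{JMX}.authenticate", "true").lower() != "false"
    ssl = props.get(f"{JMX}.ssl", "true").lower() != "false"

    if not authenticate:
        findings.append(
            f"port {port}: JMX authentication disabled; any client that can reach "
            "the port can read and invoke MBeans"
        )
    elif not ssl:
        findings.append(
            f"port {port}: password authentication over cleartext RMI; the "
            "credentials can be captured on the wire and replayed"
        )

    if authenticate and f"{JMX}.access.file" not in props:
        findings.append(
            f"port {port}: no explicit access file; the JDK's shipped "
            "jmxremote.access applies (monitorRole readonly, controlRole "
            "readwrite), so confirm it matches the roles in the password file"
        )
    return findings


if __name__ == "__main__":
    for label, cmd in (("weak", WEAK_CMDLINE),
                       ("plaintext", PLAINTEXT_CMDLINE),
                       ("hardened", HARDENED_CMDLINE)):
        print(label, audit_jmx(cmd) or ["no findings"])
```

Feed it the `ps -o args=` output of the target JVM, or the `JAVA_OPTS` string the service is started with. Even the hardened settings only restrict who can authenticate; the listener should additionally be firewalled to management networks, since an unauthenticated client reaching the port at all is the exposure the advisory describes.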


How to mitigate CVE-2019-18572

Install the update from the vendor's website: upgrade to RSA Identity Governance and Lifecycle 7.1.1 P03 or later, since all earlier releases are affected. Until the update is applied, restrict network access to the JMX agent's listening port so that only trusted management hosts can reach it.

Sources