Session Fixation Vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Products

Session Fixation Vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Products

CVE-2019-18573 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Learn more about our User Device Pen Test.