Code Injection Vulnerability in RSA Identity Governance and Lifecycle Software and RSA Via Lifecycle and Governance Products

Code Injection Vulnerability in RSA Identity Governance and Lifecycle Software and RSA Via Lifecycle and Governance Products

CVE-2019-3759 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.

Learn more about our User Device Pen Test.