{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T11:18:59.165","vulnerabilities":[{"cve":{"id":"CVE-2019-18573","sourceIdentifier":"security_alert@emc.com","published":"2019-12-18T21:15:13.083","lastModified":"2024-11-21T04:33:19.420","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session."},{"lang":"es","value":"Los productos RSA Identity Governance and Lifecycle y RSA Via Lifecycle and Governance anteriores a 7.1.1 P03 contienen una vulnerabilidad de fijación de sesión. Un usuario local malintencionado autenticado podría aprovechar esta vulnerabilidad ya que el token de sesión se expone como parte de la URL. Un atacante remoto puede obtener acceso a la sesión de la víctima y realizar acciones arbitrarias con privilegios del usuario dentro de la sesión comprometida."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-598"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0:*:*:*:*:*:*:*","matchCriteriaId":"54F243EB-5F06-4728-8815-93BDB5502F74"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"DD518D4A-157A-42D8-B958-8C4661CE6224"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E2715882-4E9F-4E4C-A648-30B5D8B36C63"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*","matchCriteriaId":"BC3F7997-46CC-4345-981A-4CA38A73BA8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*","matchCriteriaId":"DD36DED8-5591-4A76-AD40-7DAED6EF1954"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*","matchCriteriaId":"6CF203FD-8A59-4237-820A-FDBE4F28E4B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*","matchCriteriaId":"08FC40D4-433A-4EDE-87B1-422D0473D6D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*","matchCriteriaId":"5CF1C39E-D12B-44E4-8172-CD91F17E871B"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*","matchCriteriaId":"31DCF79D-E1EA-4F65-B355-C821B0D78E73"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*","matchCriteriaId":"82CFC850-4C98-42B5-AE77-592FD64E78E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*","matchCriteriaId":"9DE35E51-0C69-41A8-9332-A9E411CE0B92"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p08:*:*:*:*:*:*","matchCriteriaId":"A8989E78-229D-47B1-A60F-50394D8DF244"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*","matchCriteriaId":"6E9E1900-FE59-440A-87D6-35DE7233EAB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p01:*:*:*:*:*:*","matchCriteriaId":"15371ECD-CACD-4E1F-854B-D5EA6D1BBC54"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p02:*:*:*:*:*:*","matchCriteriaId":"ACD868A6-05CC-4BCF-BC53-EA4418DE5F45"}]}]}],"references":[{"url":"https://community.rsa.com/docs/DOC-109310","source":"security_alert@emc.com"},{"url":"https://community.rsa.com/docs/DOC-109310","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}