Vulnerabilities > EMC > RSA Identity Governance AND Lifecycle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-13 | CVE-2018-1255 | Cross-site Scripting vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0 RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. | 4.3 |
| 2018-07-13 | CVE-2018-1245 | Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0 RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). | 9.0 |
| 2018-07-11 | CVE-2018-11049 | Uncontrolled Search Path Element vulnerability in multiple products RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. | 6.9 |
| 2018-03-08 | CVE-2018-1182 | Improper Privilege Management vulnerability in multiple products An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). | 7.2 |
| 2017-07-17 | CVE-2017-8005 | Cross-site Scripting vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. | 3.5 |
| 2017-07-17 | CVE-2017-8004 | Improper Input Validation vulnerability in multiple products The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. | 6.5 |
| 2017-06-09 | CVE-2017-5004 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 3.5 |
| 2017-06-09 | CVE-2017-5003 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 4.3 |