Vulnerabilities > EMC > RSA Identity Governance AND Lifecycle

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2018-1255 Cross-site Scripting vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability.
network
emc CWE-79
4.3
2018-07-13 CVE-2018-1245 Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM).
network
low complexity
emc CWE-863
critical
9.0
2018-07-11 CVE-2018-11049 Uncontrolled Search Path Element vulnerability in multiple products
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability.
local
rsa emc CWE-427
6.9
2018-03-08 CVE-2018-1182 Improper Privilege Management vulnerability in multiple products
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
local
low complexity
emc rsa CWE-269
7.2
2017-07-17 CVE-2017-8005 Cross-site Scripting vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities.
network
emc rsa CWE-79
3.5
2017-07-17 CVE-2017-8004 Improper Input Validation vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code.
network
low complexity
emc rsa CWE-20
6.5
2017-06-09 CVE-2017-5004 Cross-site Scripting vulnerability in multiple products
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
network
emc rsa CWE-79
3.5
2017-06-09 CVE-2017-5003 Cross-site Scripting vulnerability in multiple products
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
network
emc rsa CWE-79
4.3