Vulnerabilities > RSA > RSA VIA Lifecycle AND Governance

DATE CVE VULNERABILITY TITLE RISK
2018-07-11 CVE-2018-11049 Uncontrolled Search Path Element vulnerability in multiple products
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability.
local
low complexity
emc rsa CWE-427
7.3
2018-03-08 CVE-2018-1182 Improper Privilege Management vulnerability in multiple products
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
local
low complexity
emc rsa CWE-269
7.8
2017-07-17 CVE-2017-8005 Cross-site Scripting vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities.
network
low complexity
emc rsa CWE-79
5.4
2017-07-17 CVE-2017-8004 Improper Input Validation vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code.
network
low complexity
emc rsa CWE-20
7.2
2017-06-09 CVE-2017-5004 Cross-site Scripting vulnerability in multiple products
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
network
low complexity
emc rsa CWE-79
5.4
2017-06-09 CVE-2017-5003 Cross-site Scripting vulnerability in multiple products
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
network
low complexity
emc rsa CWE-79
6.1