RSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.
16bc444575b590b35b69a5534bc7552c0f81d8f9daaa2cefa85554c9f8e4c8ceRSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
9ddb565ccd3cfa1b04d5848eeb00478b6bf3789a0a270773a457841b32dbe50bEMC Network Configuration Manager (NCM) is affected by a reflected cross site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x are affected.
72e876fa3de6241e4d169bba2325e32585cdd5d35098bfcdf2df6e97035af71dRSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG contain fixes for multiple cross site scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. Affected include RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, RSA Via Lifecycle and Governance version 7.0, and RSA Identity Management and Governance (RSA IMG) versions 6.9.1.
44b7ec734bdad01c908ce70dbcd6edc836957395ff21c342686e48d70ec6097b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed