The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products before 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dell rsa identity governance and lifecycle 7.0 |
||
dell rsa identity governance and lifecycle 7.0.1 |
||
dell rsa identity governance and lifecycle 7.0.2 |
||
dell rsa identity governance and lifecycle 7.1.0 |
||
dell rsa identity governance and lifecycle 7.1.1 |