CVE-2019-3761

Published Sep 11, 2019

Last updated 3 months ago

CVSS medium 5.4

Overview

Description: The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

security_alert@emc.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44CA4907-A783-46E1-8B46-E17D48969AD9"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "052C1A07-3FB4-42A6-97E0-5FEC8F8F4C66"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p2_hotfix2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F14DC98-ACE2-4881-A56E-DC65F4BD6EF0"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01B41090-3B78-47DE-938D-54286A0113AB"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "014C5B9E-AE6F-49B6-9B99-C788B06210A2"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B229032D-521D-42C7-A713-841549A732A8"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5_hotfix2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C4BDB3E-AFDD-4CBC-99D9-702BCBC3CC10"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB614915-FEB0-40BA-B937-A94A2BC32EA4"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9FB2F5C-689B-421E-8419-E854F589016E"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C261380-E92D-4CB5-8AEE-753C72C24616"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0338F8EE-0C27-4321-912D-B27B599EC995"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CAE5789-2829-4235-9B88-DD56CBE9FE90"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06EFC55E-26A0-43DB-A810-F478686CDDA9"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B75C0122-F2BD-44EE-AB23-4C3710916449"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CEB0CCE-3641-4FB5-9A36-3D3F4554B128"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3D8E30F-B267-4A78-A0BC-FB42A5CA623B"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67E2D018-FEB3-4F42-808D-D0B3AADFC7C5"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "055DDA5C-F433-447A-B017-FE9A14FEFA4A"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0E3EF7B-D9F7-442C-B344-21BD031ADE4D"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98D1027-D86A-4EFB-B440-D198D22219E1"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79343DD1-5BC0-4E4B-882A-CEBB9716EED3"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7CF1FAC-F88B-487F-872C-5912C19AB1DA"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC3F7997-46CC-4345-981A-4CA38A73BA8C"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD36DED8-5591-4A76-AD40-7DAED6EF1954"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CF203FD-8A59-4237-820A-FDBE4F28E4B9"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FC40D4-433A-4EDE-87B1-422D0473D6D8"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CF1C39E-D12B-44E4-8172-CD91F17E871B"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31DCF79D-E1EA-4F65-B355-C821B0D78E73"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82CFC850-4C98-42B5-AE77-592FD64E78E1"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DE35E51-0C69-41A8-9332-A9E411CE0B92"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E9E1900-FE59-440A-87D6-35DE7233EAB3"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "929D3EE3-00B4-485C-AB3F-DA04FF91C7FE"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D2D40A1-3C94-4550-9085-9F9369332BE6"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91BBA4D3-680B-4915-954E-1E92D1567014"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516C78B3-D8F9-4750-94BB-9C20674C2528"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59D6612B-3400-43EC-9EAA-D6451A7BBD63"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32D04EBE-8F30-48EA-B3BF-CFCF5910679E"
          },
          {
            "criteria": "cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABF6EBBB-4460-451F-B7A2-AC5C6E0DB4D9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References