ID

VAR-201909-0098


CVE

CVE-2019-3760


TITLE

SQL Injection Vulnerability in RSA Identity Governance and Lifecycle Software and Via Lifecycle and Governance

Trust: 0.8

sources: JVNDB: JVNDB-2019-009360

DESCRIPTION

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. The vulnerability stems from a lack of validation of externally supplied SQL statements in database-backed applications. Attackers can exploit this vulnerability to execute illegal SQL commands.

Trust: 1.71

sources: NVD: CVE-2019-3760 // JVNDB: JVNDB-2019-009360 // VULHUB: VHN-155195

AFFECTED PRODUCTS

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.1

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.1

Trust: 1.0

vendor: dell, model: rsa via lifecycle and governance, scope: eq, version: 7.0.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.2

Trust: 1.0

vendor: dell emc old emc, model: rsa identity governance and lifecycle, scope: lt, version: 7.1.0 p08

Trust: 0.8

vendor: dell emc old emc, model: rsa via lifecycle and governance, scope: lt, version: 7.1.0 p08

Trust: 0.8

sources: JVNDB: JVNDB-2019-009360 // NVD: CVE-2019-3760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3760
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3760
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3760
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-587
value: HIGH

Trust: 0.6

VULHUB: VHN-155195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3760
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155195
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3760
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3760
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-3760
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155195 // JVNDB: JVNDB-2019-009360 // CNNVD: CNNVD-201909-587 // NVD: CVE-2019-3760 // NVD: CVE-2019-3760

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-155195 // JVNDB: JVNDB-2019-009360 // NVD: CVE-2019-3760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-587

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-587

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009360

PATCH

title: DSA-2019-134: RSA Identity Governance and Lifecycle Product Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/DOC-106943/DSA-2019-134-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi

Trust: 0.8

title: Dell RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98168

Trust: 0.6

sources: JVNDB: JVNDB-2019-009360 // CNNVD: CNNVD-201909-587

EXTERNAL IDS

db: NVD, id: CVE-2019-3760

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009360

Trust: 0.8

db: CNNVD, id: CNNVD-201909-587

Trust: 0.7

db: VULHUB, id: VHN-155195

Trust: 0.1

sources: VULHUB: VHN-155195 // JVNDB: JVNDB-2019-009360 // CNNVD: CNNVD-201909-587 // NVD: CVE-2019-3760

REFERENCES

url:https://community.rsa.com/docs/doc-106943

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3760

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3760

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-106943/dsa-2019-134-rsa-identity-governance-and-lifecycle-product-security-update-for-multiple-vulnerabi

Trust: 0.6

sources: VULHUB: VHN-155195 // JVNDB: JVNDB-2019-009360 // CNNVD: CNNVD-201909-587 // NVD: CVE-2019-3760

SOURCES

db: VULHUB, id: VHN-155195
db: JVNDB, id: JVNDB-2019-009360
db: CNNVD, id: CNNVD-201909-587
db: NVD, id: CVE-2019-3760

LAST UPDATE DATE

2024-11-23T21:51:59.398000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155195, date: 2020-08-31T00:00:00
db: JVNDB, id: JVNDB-2019-009360, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-587, date: 2020-09-02T00:00:00
db: NVD, id: CVE-2019-3760, date: 2024-11-21T04:42:28.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155195, date: 2019-09-11T00:00:00
db: JVNDB, id: JVNDB-2019-009360, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-587, date: 2019-09-11T00:00:00
db: NVD, id: CVE-2019-3760, date: 2019-09-11T20:15:11.490