ID

VAR-201909-0099


CVE

CVE-2019-3761


TITLE

RSA Identity Governance and Lifecycle Software and Via Lifecycle and Governance Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-009358

DESCRIPTION

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2019-3761 // JVNDB: JVNDB-2019-009358 // VULHUB: VHN-155196 // VULMON: CVE-2019-3761

AFFECTED PRODUCTS

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.1

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.1

Trust: 1.0

vendor: dell, model: rsa via lifecycle and governance, scope: eq, version: 7.0.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.2

Trust: 1.0

vendor: dell emc old emc, model: rsa identity governance and lifecycle, scope: lt, version: 7.1.0 p08

Trust: 0.8

vendor: dell emc old emc, model: rsa via lifecycle and governance, scope: lt, version: 7.1.0 p08

Trust: 0.8

sources: JVNDB: JVNDB-2019-009358 // NVD: CVE-2019-3761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3761
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3761
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3761
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-586
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155196
value: LOW

Trust: 0.1

VULMON: CVE-2019-3761
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3761
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-155196
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3761
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2019-3761
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155196 // VULMON: CVE-2019-3761 // JVNDB: JVNDB-2019-009358 // CNNVD: CNNVD-201909-586 // NVD: CVE-2019-3761 // NVD: CVE-2019-3761

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-155196 // JVNDB: JVNDB-2019-009358 // NVD: CVE-2019-3761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-586

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201909-586

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009358

PATCH

title: DSA-2019-134: RSA Identity Governance and Lifecycle Product Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/DOC-106943/DSA-2019-134-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi

Trust: 0.8

title: Dell RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98167

Trust: 0.6

sources: JVNDB: JVNDB-2019-009358 // CNNVD: CNNVD-201909-586

EXTERNAL IDS

db: NVD, id: CVE-2019-3761

Trust: 2.6

db: JVNDB, id: JVNDB-2019-009358

Trust: 0.8

db: CNNVD, id: CNNVD-201909-586

Trust: 0.7

db: VULHUB, id: VHN-155196

Trust: 0.1

db: VULMON, id: CVE-2019-3761

Trust: 0.1

sources: VULHUB: VHN-155196 // VULMON: CVE-2019-3761 // JVNDB: JVNDB-2019-009358 // CNNVD: CNNVD-201909-586 // NVD: CVE-2019-3761

REFERENCES

url:https://community.rsa.com/docs/doc-106943

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-3761

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3761

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-106943/dsa-2019-134-rsa-identity-governance-and-lifecycle-product-security-update-for-multiple-vulnerabi

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-155196 // VULMON: CVE-2019-3761 // JVNDB: JVNDB-2019-009358 // CNNVD: CNNVD-201909-586 // NVD: CVE-2019-3761

SOURCES

db: VULHUB, id: VHN-155196
db: VULMON, id: CVE-2019-3761
db: JVNDB, id: JVNDB-2019-009358
db: CNNVD, id: CNNVD-201909-586
db: NVD, id: CVE-2019-3761

LAST UPDATE DATE

2024-11-23T22:25:47.605000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155196, date: 2020-08-31T00:00:00
db: VULMON, id: CVE-2019-3761, date: 2020-08-31T00:00:00
db: JVNDB, id: JVNDB-2019-009358, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-586, date: 2020-09-02T00:00:00
db: NVD, id: CVE-2019-3761, date: 2024-11-21T04:42:28.777

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155196, date: 2019-09-11T00:00:00
db: VULMON, id: CVE-2019-3761, date: 2019-09-11T00:00:00
db: JVNDB, id: JVNDB-2019-009358, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-586, date: 2019-09-11T00:00:00
db: NVD, id: CVE-2019-3761, date: 2019-09-11T20:15:11.553