ID

VAR-201912-1251


CVE

CVE-2019-18572


TITLE

Authentication vulnerabilities in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013711

DESCRIPTION

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

Trust: 1.71

sources: NVD: CVE-2019-18572 // JVNDB: JVNDB-2019-013711 // VULHUB: VHN-150932

AFFECTED PRODUCTS

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.1

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.1

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.2

Trust: 1.0

vendor: dell emc old emc, model: rsa identity governance and lifecycle, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-013711 // NVD: CVE-2019-18572

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-18572
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2019-18572
value: HIGH

Trust: 1.0

NVD: CVE-2019-18572
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201912-882
value: CRITICAL

Trust: 0.6

VULHUB: VHN-150932
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-18572
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150932
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-18572
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-18572
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: CVE-2019-18572
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150932 // JVNDB: JVNDB-2019-013711 // CNNVD: CNNVD-201912-882 // NVD: CVE-2019-18572 // NVD: CVE-2019-18572

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-150932 // JVNDB: JVNDB-2019-013711 // NVD: CVE-2019-18572

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-882

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-882

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013711

PATCH

title: DSA-2019-164: RSA Identity Governance and Lifecycle Product Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi

Trust: 0.8

title: Dell RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106257

Trust: 0.6

sources: JVNDB: JVNDB-2019-013711 // CNNVD: CNNVD-201912-882

EXTERNAL IDS

db: NVD, id: CVE-2019-18572

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013711

Trust: 0.8

db: CNNVD, id: CNNVD-201912-882

Trust: 0.7

db: CNVD, id: CNVD-2020-03162

Trust: 0.1

db: VULHUB, id: VHN-150932

Trust: 0.1

sources: VULHUB: VHN-150932 // JVNDB: JVNDB-2019-013711 // CNNVD: CNNVD-201912-882 // NVD: CVE-2019-18572

REFERENCES

url:https://community.rsa.com/docs/doc-109310

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18572

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18572

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-109310/dsa-2019-164-rsa-identity-governance-and-lifecycle-product-security-update-for-multiple-vulnerabi

Trust: 0.6

sources: VULHUB: VHN-150932 // JVNDB: JVNDB-2019-013711 // CNNVD: CNNVD-201912-882 // NVD: CVE-2019-18572

SOURCES

db: VULHUB, id: VHN-150932
db: JVNDB, id: JVNDB-2019-013711
db: CNNVD, id: CNNVD-201912-882
db: NVD, id: CVE-2019-18572

LAST UPDATE DATE

2024-11-23T22:21:22.805000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150932, date: 2020-10-22T00:00:00
db: JVNDB, id: JVNDB-2019-013711, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-882, date: 2020-10-23T00:00:00
db: NVD, id: CVE-2019-18572, date: 2024-11-21T04:33:19.300

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150932, date: 2019-12-18T00:00:00
db: JVNDB, id: JVNDB-2019-013711, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-201912-882, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-18572, date: 2019-12-18T21:15:12.943