mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
1.2 KiB
1.2 KiB
CVE-2019-3759
&color=brighgreen)
Description
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
POC
Reference
- http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Execution.html
- https://community.rsa.com/docs/DOC-106943
Github
No PoCs found on GitHub currently.