The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rsa_identity_governance_and_lifecycle | Dell | 7.0 (including) | 7.0 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.0.1 (including) | 7.0.1 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.0.2 (including) | 7.0.2 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0 (including) | 7.1.0 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p01 (including) | 7.1.0-p01 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p02 (including) | 7.1.0-p02 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p03 (including) | 7.1.0-p03 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p04 (including) | 7.1.0-p04 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p05 (including) | 7.1.0-p05 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p06 (including) | 7.1.0-p06 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p07 (including) | 7.1.0-p07 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.0-p08 (including) | 7.1.0-p08 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.1 (including) | 7.1.1 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.1-p01 (including) | 7.1.1-p01 (including) |
| Rsa_identity_governance_and_lifecycle | Dell | 7.1.1-p02 (including) | 7.1.1-p02 (including) |