CVE-2019-18573

HIGH Year: 2019
CVSS v3 Score
8.7
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-598
View all →

Vulnerability Description

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Related Vulnerabilities

CVE-2021-36328

HIGH
CVSS:8.8(High)

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauth...

CWE-5982021

CVE-2022-22551

HIGH
CVSS:8.8(High)

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim sess...

CWE-5982022

CVE-2023-6014

CRITICAL
CVSS:9.1(Critical)

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

CWE-5982023

CVE-2019-6531

HIGH
CVSS:8.1(High)

An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM positio...

CWE-5982019

CVE-2017-3185

CRITICAL
CVSS:9.8(Critical)

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such ...

CWE-5982017

CVE-2018-14822

CRITICAL
CVSS:9.8(Critical)

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user a...

CWE-5982018