CVE-2019-3759 in RSA Identity Governance

Summary

by MITRE

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.


Analysis

by VulDB Data Team • 08/02/2025

RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance prior to version 7.1.0 P08 contain a code injection vulnerability in the workflow system. Exploitation requires an authenticated account, so the exposure is to insiders, to contractors and partners with portal access, and to any external attacker who has already obtained a user's credentials. The vendor description does not name the root cause; the reported behavior, an authenticated user getting custom Groovy scripts executed, is consistent with user-controlled text reaching the product's embedded Groovy engine without an effective restriction on what it may contain.

The flaw sits in the Groovy scripting integration of the workflow system. Input submitted through workflow-related interfaces is processed as executable Groovy rather than as data, so an attacker can supply a script of their own and have the application run it with its own privileges. A Groovy script runs on the JVM, and an unrestricted one has, in principle, the reach of the application process: its classes, its database connections, and the file system and network as seen by the service account. RSA characterizes the achievable result as limited access to view or modify information on the Workflow system and does not say whether that limit comes from a sandbox around the script engine or from what the workflow exposes, so defenders should not treat "limited" as a guarantee when assessing an unpatched instance. No privilege beyond ordinary authentication is needed, which is what makes this class of flaw useful to an insider or to an attacker holding a phished account.
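The pattern described above, as an added example that is not RSA's code (the page does not describe the affected code path): a toy workflow node that evaluates an authenticated user's text as Groovy, once unrestricted and once behind a compile-time whitelist built with Groovy's own SecureASTCustomizer. The function names, the `request` map and the three payloads are constructed for illustration.

```groovy
// Added example (not RSA's code): a toy workflow node that evaluates an
// authenticated user's text as Groovy, once unrestricted and once behind a
// compile-time AST whitelist. Requires the Groovy runtime on the classpath;
// the whitelist setters used here are the Groovy 2.x names, still present
// (deprecated in favour of the allowed*/disallowed* names) in 3.x.
import groovy.lang.Binding
import groovy.lang.GroovyShell
import org.codehaus.groovy.ast.expr.*
import org.codehaus.groovy.ast.stmt.*
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.MultipleCompilationErrorsException
import org.codehaus.groovy.control.customizers.SecureASTCustomizer
import org.codehaus.groovy.syntax.Types

// VULNERABLE pattern: the submitted text goes straight into a full GroovyShell.
// Whatever the JVM process can do (spawn processes, read files, open sockets,
// call the application's own classes), the script can do.
Object evaluateUnrestricted(String userScript, Map ctx) {
    new GroovyShell(new Binding(ctx)).evaluate(userScript)
}

// HARDENED pattern: the same shell, but the compiler rejects any syntax tree
// the whitelist does not cover before a single statement runs. What is left
// is "boolean expressions over bound variables and their properties": no
// method or constructor calls, no class references, no closures, no imports.
Map evaluateSandboxed(String userScript, Map ctx) {
    def secure = new SecureASTCustomizer()
    secure.closuresAllowed = false
    secure.methodDefinitionAllowed = false
    secure.packageAllowed = false
    secure.importsWhitelist = []            // an empty whitelist rejects every import ...
    secure.starImportsWhitelist = []
    secure.staticImportsWhitelist = []
    secure.staticStarImportsWhitelist = []  // ... including static ones
    secure.statementsWhitelist = [BlockStatement, ExpressionStatement, ReturnStatement]
    secure.expressionsWhitelist = [BinaryExpression, BooleanExpression, NotExpression,
                                   TernaryExpression, PropertyExpression,
                                   VariableExpression, ConstantExpression]
    // Operators: comparisons and boolean logic only. This also excludes the
    // subscript operator, so map/array indexing is not available either.
    secure.tokensWhitelist = [Types.COMPARE_EQUAL, Types.COMPARE_NOT_EQUAL,
                              Types.COMPARE_LESS_THAN, Types.COMPARE_LESS_THAN_EQUAL,
                              Types.COMPARE_GREATER_THAN, Types.COMPARE_GREATER_THAN_EQUAL,
                              Types.LOGICAL_AND, Types.LOGICAL_OR, Types.NOT]

    def config = new CompilerConfiguration()
    config.addCompilationCustomizers(secure)
    try {
        return [accepted: true,
                value: new GroovyShell(new Binding(ctx), config).evaluate(userScript)]
    } catch (MultipleCompilationErrorsException | SecurityException e) {
        // The customizer raises SecurityException during compilation; GroovyShell
        // surfaces it wrapped in a compilation error. Either way, nothing ran.
        return [accepted: false, reason: e.message]
    }
}

// Constructed stand-in for the access request a workflow expression reads.
Map request = [requester: 'alice', entitlement: 'payroll-admin', riskScore: 72]
Map ctx = [request: request]

// What a legitimate workflow author submits: a routing condition.
String routingRule = "request.riskScore > 50 && request.entitlement == 'payroll-admin'"
// What an attacker with the same form field submits (constructed payloads).
List payloads = ["'id'.execute().text",                 // method call -> rejected
                 "new File('/etc/hostname').text",      // constructor call -> rejected
                 "System.properties['java.class.path']"] // class reference and subscript -> rejected

println "rule, sandboxed:    " + evaluateSandboxed(routingRule, ctx)
for (p in payloads) {
    println "payload, sandboxed: " + evaluateSandboxed(p, ctx)
}
// The unrestricted path would run the attacker's 'id' command in the service account:
// println evaluateUnrestricted(payloads[0], ctx)
```

The routing rule compiles and evaluates to a boolean under the whitelist; each payload is refused at compile time because it needs a method call, a constructor call, a class reference or an operator the whitelist omits. Two caveats matter in practice. First, SecureASTCustomizer is a filter on the syntax tree, and the Groovy documentation itself warns that it is not a complete sandbox: AST transformations triggered by annotations, and runtime metaprogramming on objects the script can legitimately reach, have been used to get around it, so it belongs alongside, not instead of, the vendor patch and a short list of accounts allowed to author workflow scripts. Second, if the product exposes a rich object (a user record, a connection) in the binding, the whitelist above still lets a script read every property of it; decide deliberately which objects a workflow expression is handed.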

The operational impact goes beyond reading data the user was not entitled to see. Workflow definitions in an identity governance product decide who approves what, which requests are approved automatically and which entitlements are provisioned; an attacker who can run code inside that engine could modify workflow rules, route around approval steps, or enumerate identity data that should be restricted to authorized personnel. Even taking the vendor's limited-access characterization at face value, tampering with the workflow system undermines the integrity of the access decisions downstream of it and the confidentiality of the identity data it holds.

Organizations should update to RSA Identity Governance and Lifecycle 7.1.0 P08 or later, which contains the fix. Until then, and as defence in depth afterwards, reduce the set of accounts that can submit or edit workflow content, and review any custom workflows for places where user-supplied text is handed to a script engine. Monitoring should cover workflow submissions and the application's logs for script content that reaches outside workflow data, such as process execution, file or network access, or reflection, and for workflow or rule changes made by accounts that do not normally administer workflows. The vulnerability is classified as CWE-94, Improper Control of Generation of Code ('Code Injection'), a variant of the injection flaws regularly found in identity and access management systems. In ATT&CK terms it maps to T1059, Command and Scripting Interpreter (there is no Groovy-specific sub-technique; T1059.007 denotes JavaScript, not scripting in general), combined with T1078, Valid Accounts, since exploitation requires legitimate credentials. Regular security assessments of custom workflows and of new releases help prevent the same pattern from being reintroduced.

Responsible

Dell

Reservation

01/03/2019

Moderation

accepted

CPE

ready

EPSS

0.03226

KEV

no

Activities

very low
