CVE-2019-18572

HIGH Year: 2019
CVSS v3 Score
8.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-306
View all →

Vulnerability Description

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

Related Vulnerabilities

CVE-2023-4815

HIGH
CVSS:8.3(High)

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.

CWE-3062023

CVE-2025-27256

HIGH
CVSS:8.3(High)

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connec...

CWE-3062025

CVE-2017-8155

HIGH
CVSS:8.4(High)

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor u...

CWE-3062017

CVE-2020-25621

HIGH
CVSS:8.4(High)

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys a...

CWE-3062020

CVE-2022-23862

HIGH
CVSS:8.4(High)

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authenti...

CWE-3062022