The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
https://community.rsa.com/docs/DOC-106943
http://packetstormsecurity.com/files/158324/RSA-IG-L-Aveksa-7.1.1-Remote-Code-Execution.html