CVE-2019-3715

Published: Mar 13, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.

Affected (2)

Products: Rsa: Archer Grc Platform

1 product

Archer Grc Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Rsa Archer Grc Platform	Before 6.5
Rsa Archer Grc Platform	Version 6.5

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

http://www.securityfocus.com/bid/107443

Source: security_alert@emc.com

https://seclists.org/fulldisclosure/2019/Mar/19

Source: security_alert@emc.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107443

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/fulldisclosure/2019/Mar/19

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.