CVE-2019-3716

Published: Mar 13, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Affected (1)

Products: Rsa: Archer Grc Platform

1 product

Archer Grc Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rsa Archer Grc Platform	Before 6.5.2.0

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

http://www.securityfocus.com/bid/107406

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2019/Mar/19

Source: security_alert@emc.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107406

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2019/Mar/19

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.