CVE-2019-3715
Published Mar 13, 2019
Last updated 4 years ago
Overview
- Description
- RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.
- Source
- security_alert@emc.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-532
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16D5D9E5-E0E5-480B-A393-06ED19A987AB",
"versionEndExcluding": "6.5"
},
{
"criteria": "cpe:2.3:a:rsa:archer_grc_platform:6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8402723-51E2-4525-9D40-E30BA23301F7"
}
],
"operator": "OR"
}
]
}
]