PT-2019-16661 · Rsa · Rsa Archer
Publicado
2019-03-13
·
Atualizado
2020-08-24
·
CVE-2019-3716
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Archer versions prior to 6.5 SP2
Description
The issue allows an authenticated malicious local user with access to the log files to obtain a database connection password that may be logged in plain text in the RSA Archer log files. This could potentially be used in further attacks.
Recommendations
For versions prior to 6.5 SP2, update to version 6.5 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RSA Archer log files to minimize the risk of exploitation.
Correção
Insertion into Log File
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rsa Archer