PT-2019-16700 · Rsa · Rsa Identity Governance/Lifecycle
Published: 2019-09-11 · Updated: 2020-10-16 · CVE-2019-3763
CVSS v3.1: 8.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08
RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08
Description
The issue allows an authenticated malicious local user with access to the debug logs to obtain an exposed password. This occurs because the Office 365 user password may get logged in plain text format in the Office 365 connector debug log file.
Recommendations
For RSA Identity Governance and Lifecycle software versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
For RSA Via Lifecycle and Governance products versions prior to 7.1.0 P08, update to version 7.1.0 P08 or later.
As a temporary workaround, consider restricting access to the Office 365 connector debug log file to minimize the risk of exploitation.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Office 365
Rsa Identity Governance/Lifecycle
Rsa Via Lifecycle/Governance