PT-2019-16660 · Rsa · Rsa Archer
Published
2019-03-13
·
Updated
2020-08-24
·
CVE-2019-3715
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RSA Archer versions prior to 6.5 SP1
Description
The issue allows an authenticated malicious local user with access to the log files to obtain exposed session information, which is logged in plain text in the RSA Archer log files. This information can be used in further attacks.
Recommendations
For versions prior to 6.5 SP1, update to version 6.5 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Archer