Lucene search

[email protected]NVD:CVE-2019-3716

HistoryMar 13, 2019 - 9:29 p.m.

CVE-2019-3716

2019-03-1321:29:00

CWE-532

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Affected configurations

Nvd

Node

rsaarcher_grc_platformRange<6.5.2.0

VendorProductVersionCPE
rsaarcher_grc_platform*cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rsa	archer_grc_platform	*	cpe:2.3:a:rsa:archer_grc_platform::::::::

References

www.securityfocus.com/bid/107406

seclists.org/fulldisclosure/2019/Mar/19

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-3716

cve1 cvelist1 prion1 nessus1