CVE-2016-0918
Summary
| CVE | CVE-2016-0918 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-09-24 10:59:00 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. |
Risk And Classification
Primary CVSS: v3.0 4.3 MEDIUM from [email protected]
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.001710000 probability, percentile 0.379190000 (date 2026-05-06)
Problem Types: CWE-200 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 2.0 | [email protected] | Primary | 4 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
LowIntegrity
NoneAvailability
NoneCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:S/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Emc | Rsa Identity Management And Governance | 6.9.0 | All | All | All |
| Application | Emc | Rsa Identity Management And Governance | 6.9.1 | All | All | All |
| Application | Emc | Rsa Identity Management And Governance | All | All | All | All |
| Application | Emc | Rsa Via Lifecycle And Governance | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple EMC Products CVE-2016-0918 Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Bugtraq: ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Third Party Advisory, VDB Entry |
| RSA Identity Management and Governance Flaw Lets Remote Authenticated Users Obtain Information About Other User Accounts - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.