CVE-2019-3715
Summary
| CVE | CVE-2019-3715 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-13 21:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rsa | Archer Grc Platform | All | All | All | All |
| Application | Rsa | Archer Grc Platform | 6.5 | All | All | All |
| Application | Rsa | Archer Grc Platform | 6.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Malformed Request | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.