{"api_version":"1","generated_at":"2026-05-06T14:37:19+00:00","cve":"CVE-2016-0918","urls":{"html":"https://cve.report/CVE-2016-0918","api":"https://cve.report/api/cve/CVE-2016-0918.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-0918","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-0918"},"summary":{"title":"CVE-2016-0918","description":"EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2016-09-24 10:59:00","updated_at":"2017-07-30 01:29:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1036896","name":"1036896","refsource":"SECTRACK","tags":[],"title":"RSA Identity Management and Governance Flaw Lets Remote Authenticated Users Obtain Information About Other User Accounts - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/bugtraq/2016/Sep/52","name":"20160923 ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability","refsource":"BUGTRAQ","tags":["Third Party Advisory","VDB Entry"],"title":"Bugtraq: ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/93108","name":"93108","refsource":"BID","tags":[],"title":"Multiple EMC Products CVE-2016-0918 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-0918","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0918","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"918","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_identity_management_and_governance","cpe6":"6.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"918","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_identity_management_and_governance","cpe6":"6.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"918","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_identity_management_and_governance","cpe6":"6.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"918","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_identity_management_and_governance","cpe6":"6.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"918","vulnerable":"1","versionEndIncluding":"6.8.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_identity_management_and_governance","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"918","vulnerable":"1","versionEndIncluding":"7.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_via_lifecycle_and_governance","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2016-0918","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"93108","refsource":"BID","url":"http://www.securityfocus.com/bid/93108"},{"name":"20160923 ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability","refsource":"BUGTRAQ","url":"http://seclists.org/bugtraq/2016/Sep/52"},{"name":"1036896","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1036896"}]}},"nvd":{"publishedDate":"2016-09-24 10:59:00","lastModifiedDate":"2017-07-30 01:29:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:rsa_via_lifecycle_and_governance:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:rsa_identity_management_and_governance:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"918","Ordinal":"86537","Title":"CVE-2016-0918","CVE":"CVE-2016-0918","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"918","Ordinal":"1","NoteData":"EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"918","Ordinal":"2","NoteData":"2016-09-24","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"918","Ordinal":"3","NoteData":"2017-07-29","Type":"Other","Title":"Modified"}]}}}