CVE-2016-0899

MEDIUM

EMC RSA Archer GRC <5.5.3.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2016/Jun/54
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036080

Scores

CVSS v3 6.3
EPSS 0.0017
EPSS Percentile 38.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (4)
emc/rsa_archer_egrc 5.5 (2 CPE variants)
emc/rsa_archer_egrc 5.5.1
emc/rsa_archer_egrc 5.5.1.3
emc/rsa_archer_egrc 5.5.2.3
Published Jul 04, 2016
Tracked Since Feb 18, 2026