CVE-2016-0899

MEDIUM

EMC RSA Archer GRC <5.5.3.4 - Info Disclosure

Title source: llm

Description

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

References (2)

[Mailing List] http://seclists.org/bugtraq/2016/Jun/54

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036080

Scores

CVSS v3 6.3

EPSS 0.0017

EPSS Percentile 38.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (5)

emc/rsa_archer_egrc

Timeline

Published Jul 04, 2016

Tracked Since Feb 18, 2026