CVE-2019-3715
HIGH
RSA Archer GRC Platform < 6.5 - Log Information Exposure
Title source: ruleDescription
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.
References (2)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
https://seclists.org/fulldisclosure/2019/Mar/19
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107443
Scores
CVSS v3: 7.8
EPSS: 0.0004
EPSS Percentile: 13.1%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-532
Status: published
Products (2)
rsa/archer_grc_platform 6.5
rsa/archer_grc_platform < 6.5
Published: Mar 13, 2019
Tracked Since: Feb 18, 2026