CVE-2019-3716
HIGH
RSA Archer GRC Platform < 6.5.2.0 - Log Information Exposure
Title source: ruleDescription
RSA Archer versions prior to 6.5 SP2 contain an information exposure vulnerability. The database connection password may be logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password and use it in further attacks.
References (2)
Core References
Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc): https://seclists.org/fulldisclosure/2019/Mar/19
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/107406
Scores
CVSS v3: 7.8
EPSS: 0.0005
EPSS Percentile: 15.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-532
Status: published
Products (1)
rsa/archer_grc_platform: < 6.5.2.0
Published: Mar 13, 2019
Tracked Since: Feb 18, 2026