CVE-2019-3715: Information Exposure Vulnerability
First published: Sat Mar 09 2019(Updated: )
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.
Credit: security_alert@emc.com security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer GRC Platform | <6.5 | |
| RSA Archer GRC Platform | =6.5 | |
| <6.5 | ||
| =6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3715?
CVE-2019-3715 is an information exposure vulnerability in RSA Archer versions prior to 6.5 SP1.
What is the severity of CVE-2019-3715?
CVE-2019-3715 has a severity rating of 5.5 (high).
What is affected by CVE-2019-3715?
RSA Archer versions prior to 6.5 SP1 are affected by CVE-2019-3715.
How does CVE-2019-3715 work?
CVE-2019-3715 allows an authenticated malicious local user to obtain plain text session information from the RSA Archer log files.
How can I fix CVE-2019-3715?
To fix CVE-2019-3715, users should update to RSA Archer version 6.5 SP1 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/rsa
- canonical/rsa archer grc platform
- version/rsa archer grc platform/6.5