CVE-2019-3716: Information Exposure Vulnerability
First published: Sat Mar 09 2019(Updated: )
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.
Credit: security_alert@emc.com security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer GRC Platform | <6.5.2.0 | |
| <6.5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3716?
CVE-2019-3716 is an information exposure vulnerability in RSA Archer versions prior to 6.5 SP2.
What is the severity of CVE-2019-3716?
CVE-2019-3716 has a severity rating of 7.8 (high).
How does CVE-2019-3716 affect RSA Archer?
CVE-2019-3716 exposes the database connection password in plain text in RSA Archer log files for versions prior to 6.5 SP2.
Who is affected by CVE-2019-3716?
Organizations using RSA Archer versions prior to 6.5 SP2 are affected by CVE-2019-3716.
How can I fix CVE-2019-3716?
To fix CVE-2019-3716, update RSA Archer to version 6.5 SP2 or later.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/rsa
- canonical/rsa archer grc platform