← back
CVE-2019-3763

CVE-2019-3763

CVSS 8.8 HIGHEPSS 0.3%CWE-532
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Sep 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Dell · RSA Identity Governance and LifecycleDell · RSA Via Lifecycle and Governance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.rsa.com/docs/DOC-106943