CVE-2019-3763

CVSS 8.8 HIGHEPSS 0.3%CWE-532

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 set 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

Dell · RSA Identity Governance and Lifecycle Dell · RSA Via Lifecycle and Governance

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://community.rsa.com/docs/DOC-106943