Information Disclosure Vulnerability in RSA Archer
CVE-2019-3756

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Rsa Archer
Vendor: CVE Published:; 18 September 2019

Summary

An information disclosure vulnerability exists in RSA Archer that reveals sensitive data from the backend database to low-privileged users. This issue arises under specific error conditions, potentially exposing critical information about the application's data architecture and user information. Organizations using versions of RSA Archer prior to 6.6 P3 (6.6.0.3) should evaluate their risk and consider upgrading to mitigate this exposure.

Affected Version(s)

RSA Archer prior to 6.6 P3 (6.6.0.3)

References

https://community.rsa.com/docs/DOC-106759

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2019
Vulnerability Reserved
Jan 3, 2019