Information Exposure Vulnerability in RSA Identity Governance and Lifecycle Software
CVE-2019-3763
8.8 HIGH
Summary
An information exposure vulnerability exists in RSA Identity Governance and Lifecycle software, as well as RSA Via Lifecycle and Governance products prior to version 7.1.0 P08. In these versions, passwords for Office 365 users may be inadvertently logged in plain text format within the debug log files of the Office 365 connector. An authenticated local attacker with access to these logs could exploit this issue to obtain the exposed passwords, potentially leading to further breaches and unauthorized access.
Affected Version(s)
RSA Identity Governance and Lifecycle < 7.1.1 P02
RSA Identity Governance and Lifecycle < 7.1.0 P08
RSA Identity Governance and Lifecycle 7.0.2
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved