CVE-2019-3763
CVE-2019-3763 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | RSA Identity Governance and Lifecycle | 7.0.1 |
| Dell | RSA Identity Governance and Lifecycle | 7.0.2 |
| Dell | RSA Identity Governance and Lifecycle | 7.1.0 |
| Dell | RSA Identity Governance and Lifecycle | 7.1.1 |
| Dell | RSA Via Lifecycle and Governance | 7.0.0 |
References
- https://community.rsa.com/docs/DOC-106943 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
