DellCVE-2019-3763CVE-2019-3763
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:-:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p1:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p2_hotfix2:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p3:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p4:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.1 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5_hotfix2:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.2 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:-:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.2 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p1:*:*:*:*:*:* |
| dell | rsa_identity_governance_and_lifecycle | 7.0.2 | cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p10:*:*:*:*:*:* |
CNA Affected
[
{
"product": "RSA Identity Governance and Lifecycle",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.1.1 P02",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "7.1.0 P08",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "RSA Via Lifecycle and Governance",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
]References
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%