EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks.
[
{
"product": "EMC RSA Archer GRC Platform RSA Archer versions prior to 6.2.0.8",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC RSA Archer GRC Platform RSA Archer versions prior to 6.2.0.8"
}
]
}
]