Lucene search

DellCVELIST:CVE-2018-15780

HistoryDec 28, 2018 - 12:00 a.m.

CVE-2018-15780 DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability

2018-12-2800:00:00

dell

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.

CNA Affected

[
  {
    "product": "RSA Archer",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "6.5.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106396

seclists.org/fulldisclosure/2019/Jan/3

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for CVELIST:CVE-2018-15780