Design/Logic Flaw

2015-09-2601:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.2%

JSON

EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields.

CPENameOperatorVersion
rsa_archer_grceq5.5.0
rsa_archer_grceq5.5.1
rsa_archer_grceq5.5.2

Name	Operator	Version
rsa_archer_grc	eq	5.5.0
rsa_archer_grc	eq	5.5.1
rsa_archer_grc	eq	5.5.2

References

packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html

seclists.org/bugtraq/2015/Sep/105

www.securitytracker.com/id/1033649