CVE-2019-3756 - Vulnerability Details - OpenCVE

RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00226.

Key SSVC decision points have not yet been added.

Vendors	Products
Rsa Subscribe	Archer Subscribe

Configuration 1 [-]

cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-13391	RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.rsa.com/docs/DOC-106759

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2019-09-18T22:23:10.177981Z

Updated: 2024-09-16T17:39:15.211Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3756

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-18T23:15:11.237

Modified: 2024-11-21T04:42:28.283

Link: CVE-2019-3756

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "RSA Archer", "vendor": "Dell", "versions": [{"status": "affected", "version": "prior to 6.6 P3 (6.6.0.3)"}]}], "datePublic": "2019-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209: Information Exposure Through an Error Message", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-31T15:12:36", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.rsa.com/docs/DOC-106759"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2019-08-28", "ID": "CVE-2019-3756", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSA Archer", "version": {"version_data": [{"version_value": "prior to 6.6 P3 (6.6.0.3)"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions."}]}, "impact": {"cvss": {"baseScore": 6.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-209: Information Exposure Through an Error Message"}]}]}, "references": {"reference_data": [{"name": "https://community.rsa.com/docs/DOC-106759", "refsource": "MISC", "url": "https://community.rsa.com/docs/DOC-106759"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.341Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.rsa.com/docs/DOC-106759"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3756", "datePublished": "2019-09-18T22:23:10.177981Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:39:15.211Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE67A59-E943-4711-B5EA-E133E84B263B", "versionEndExcluding": "6.6.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions."}, {"lang": "es", "value": "RSA Archer, versiones anteriores a 6.6 P3 (6.6.0.3), contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. La informaci\u00f3n relacionada con la base de datos del backend es divulgada en la IU de usuarios de RSA Archer poco privilegiados bajo ciertas condiciones de error."}], "id": "CVE-2019-3756", "lastModified": "2024-11-21T04:42:28.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-18T23:15:11.237", "references": [{"source": "security_alert@emc.com", "url": "https://community.rsa.com/docs/DOC-106759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://community.rsa.com/docs/DOC-106759"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}