CVE-2016-0899

EUVD-2016-0910
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
emcrsa_archer_egrc
5.5
emcrsa_archer_egrc
5.5:sp1
emcrsa_archer_egrc
5.5.1
emcrsa_archer_egrc
5.5.1.3
emcrsa_archer_egrc
5.5.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2016/Jun/54
http://www.securitytracker.com/id/1036080
http://seclists.org/bugtraq/2016/Jun/54
http://www.securitytracker.com/id/1036080