CVE-2019-3756
18.09.2019, 23:15
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rsa | archer | 𝑥 < 6.6.0.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.