CVE-2019-3763
high-risk
Published 2019-09-11
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Rsa Identity Governance And Lifecycle
Affected Vendors
References (2)
Vendor Advisory
https://community.rsa.com/docs/DOC-106943
Vendor Advisory
https://community.rsa.com/docs/DOC-106943
51
/ 100
high-risk
Severity
27/34 · High
Exploitability
0/34 · Minimal
Exposure
24/34 · High