SB2016092402 - Information Disclosure in RSA Identity Management and Governance
Published: September 24, 2016 Updated: September 27, 2016
Security Bulletin ID
SB2016092402
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information Disclosure (CVE-ID: CVE-2016-0918)
The vulnerability allows a remote user to obtain non-sensitive information on the target system.The weakness exists due to improper access control. Using of specially crafted URL allows attacker to access the target user's data.
Successful exploitation of the vulnerability may result in access to user's accounts on the vulnerable system.
Remediation
Install update from vendor's website.