Information disclosure in RSA Identity Management and Governance - CVE-2016-0918

 


Published: September 24, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40090
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0918
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: RSA
Affected software: RSA Identity Management and Governance

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15, and RSA Via Lifecycle and Governance before 7.0.0 P04, allow remote authenticated users to obtain User Detail Popup information via a modified URL.


How to mitigate CVE-2016-0918

Install the update from the vendor's website.
