Information Disclosure in RSA Identity Management and Governance - CVE-2016-0918
Published: September 27, 2016
Vulnerability identifier: #VU662
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0918
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: RSA
Affected software:
RSA Identity Management and Governance
RSA Identity Management and Governance
Detailed vulnerability description
The vulnerability allows a remote user to obtain non-sensitive information on the target system.
The weakness exists due to improper access control. Using of specially crafted URL allows attacker to access the target user's data.
Successful exploitation of the vulnerability may result in access to user's accounts on the vulnerable system.
The weakness exists due to improper access control. Using of specially crafted URL allows attacker to access the target user's data.
Successful exploitation of the vulnerability may result in access to user's accounts on the vulnerable system.
How to mitigate CVE-2016-0918
Update to 6.8.1 P25, 6.9.1 P15, 7.0.0 P04.