Information disclosure in RSA Archer - CVE-2017-5000

 

Published: July 4, 2017


Vulnerability identifier: #VU7314
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5000
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
RSA Archer

Detailed vulnerability description

The vulnerability allows a remote privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation. A remote attacker can send specially crafted data and gain access to potentially sensitive information from an error message.

Successful exploitation of the vulnerability results in information disclosure.


How to mitigate CVE-2017-5000

Update to version 6.2.0.2.
