ID

VAR-201909-0100


CVE

CVE-2019-3763


TITLE

RSA Identity Governance and Lifecycle Software and Via Lifecycle and Governance Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-009349

DESCRIPTION

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may be logged in plain text in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Trust: 1.71

sources: NVD: CVE-2019-3763 // JVNDB: JVNDB-2019-009349 // VULHUB: VHN-155198

AFFECTED PRODUCTS

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.1

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.1.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.1

Trust: 1.0

vendor: dell, model: rsa via lifecycle and governance, scope: eq, version: 7.0.0

Trust: 1.0

vendor: dell, model: rsa identity governance and lifecycle, scope: eq, version: 7.0.2

Trust: 1.0

vendor: dell emc old emc, model: rsa identity governance and lifecycle, scope: lt, version: 7.1.0 p08

Trust: 0.8

vendor: dell emc old emc, model: rsa via lifecycle and governance, scope: lt, version: 7.1.0 p08

Trust: 0.8

sources: JVNDB: JVNDB-2019-009349 // NVD: CVE-2019-3763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3763
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3763
value: HIGH

Trust: 1.0

NVD: CVE-2019-3763
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-589
value: HIGH

Trust: 0.6

VULHUB: VHN-155198
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3763
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155198
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3763
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3763
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-3763
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155198 // JVNDB: JVNDB-2019-009349 // CNNVD: CNNVD-201909-589 // NVD: CVE-2019-3763 // NVD: CVE-2019-3763

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-155198 // JVNDB: JVNDB-2019-009349 // NVD: CVE-2019-3763

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-589

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201909-589

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009349

PATCH

title: DSA-2019-134: RSA Identity Governance and Lifecycle Product Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/DOC-106943/DSA-2019-134-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi

Trust: 0.8

title: Dell RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98170

Trust: 0.6

sources: JVNDB: JVNDB-2019-009349 // CNNVD: CNNVD-201909-589

EXTERNAL IDS

db: NVD, id: CVE-2019-3763

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009349

Trust: 0.8

db: CNNVD, id: CNNVD-201909-589

Trust: 0.7

db: VULHUB, id: VHN-155198

Trust: 0.1

sources: VULHUB: VHN-155198 // JVNDB: JVNDB-2019-009349 // CNNVD: CNNVD-201909-589 // NVD: CVE-2019-3763

REFERENCES

url:https://community.rsa.com/docs/doc-106943

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3763

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3763

Trust: 0.8

url:https://www.dell.com/support/security/en-us/details/doc-106943/dsa-2019-134-rsa-identity-governance-and-lifecycle-product-security-update-for-multiple-vulnerabi

Trust: 0.6

sources: VULHUB: VHN-155198 // JVNDB: JVNDB-2019-009349 // CNNVD: CNNVD-201909-589 // NVD: CVE-2019-3763

SOURCES

db: VULHUB, id: VHN-155198
db: JVNDB, id: JVNDB-2019-009349
db: CNNVD, id: CNNVD-201909-589
db: NVD, id: CVE-2019-3763

LAST UPDATE DATE

2024-11-23T21:36:55.236000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155198, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-009349, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-589, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-3763, date: 2024-11-21T04:42:29.020

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155198, date: 2019-09-11T00:00:00
db: JVNDB, id: JVNDB-2019-009349, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-589, date: 2019-09-11T00:00:00
db: NVD, id: CVE-2019-3763, date: 2019-09-11T20:15:11.630