
List:       full-disclosure
Subject:    [FD] DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability
From:       <secure () Dell ! com>
Date:       2018-12-28 19:42:48
Message-ID: baaae3ca208c492a850410bac19f26e3 () AUSX13MPS302 ! AMER ! DELL ! COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability

Dell EMC Identifier: DSA-2018-224

CVE Identifier: CVE-2018-15780

Severity: Medium

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 

Affected Products:	
RSA Archer versions prior to 6.5 P1 (6.5.0.1)

Summary:	
RSA Archer GRC versions prior to 6.5.0.1 contain an improper access control vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.

Recommendation:	
The following RSA Archer release contains resolutions to this vulnerability:

RSA Archer version 6.5.0.1
 

RSA recommends all customers upgrade at the earliest opportunity.

Workaround: Not available

For additional documentation, downloads and more, visit the RSA Archer Suite page on RSA Link.

Credit: RSA would like to thank Sam Sayen for reporting this vulnerability.

Severity Rating

For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.


Legal Information

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Dell Product Security Incident Response Team
secure@dell.com
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

