CVE-2019-3763 HIGH

CVE-2019-3763

Vendor Dell
Product RSA Identity Governance and Lifecycle
Weakness CWE-532 · Sensitive info in logs
Published September 11, 2019
Last update September 16, 2024

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Key dates

02Disclosure timeline

September 11, 2019 CVE published
September 16, 2024 Record updated