CVE-2019-3763

Summary

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Affected Software

VendorProductVersion RangeStatus
DellRSA Identity Governance and Lifecycleunspecified < 7.1.1 P02affected
DellRSA Identity Governance and Lifecycleunspecified < 7.1.0 P08affected
DellRSA Identity Governance and Lifecycle7.0.2affected
DellRSA Identity Governance and Lifecycle7.0.1affected
DellRSA Via Lifecycle and Governance7.0affected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

ADP Enrichment

CVE Program Container

Additional References

References