Vulnerability Details: CVE-2019-3763
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.
Products affected by CVE-2019-3763
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:-:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:-:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p2:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p4:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p10:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p11:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p12:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p13:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p14:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p1:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p2_hotfix2:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p3:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p4:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p6:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p7:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p8:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p9:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5_hotfix2:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p1:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p3:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p5:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p1:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p2:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p3:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p4:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p5:*:*:*:*:*:*
- cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3763
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-3763
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 | Dell | |
CWE ids for CVE-2019-3763
- Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Assigned by:
- nvd@nist.gov (Primary)
- security_alert@emc.com (Secondary)
References for CVE-2019-3763
- https://community.rsa.com/docs/DOC-106943
  DSA-2019-134: RSA Identity Governance and Lifec... | RSA Link (Vendor Advisory)