Information disclosure in Emc Rsa_identity_management_and_governance
CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.
Vulnerability class: Information Disclosure
EPSS: 0.011 (62.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Emc Rsa_identity_management_and_governance — versions 6.9.0, 6.9.1
- Emc Rsa_via_lifecycle_and_governance
- N/a — versions n/a
Weakness classification (CWE)
References
- security_alert@emc.com (vdb-entry, x_refsource_BID)
- security_alert@emc.com (mailing-list, x_refsource_BUGTRAQ, VDB Entry, Third Party Advisory)
- security_alert@emc.com (vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2016-0918?
- CVE-2016-0918 is a medium-severity vulnerability in Emc Rsa_identity_management_and_governance, classified under Information Disclosure. CVSS score: 4.3/10. Published 2016-09-24.
- How severe is CVE-2016-0918?
- Medium severity. CVSS v3 base score is 4.3 out of 10.