CVE-2015-4542

EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html	Third Party Advisory VDB Entry
http://seclists.org/bugtraq/2015/Sep/105	Third Party Advisory
http://www.securitytracker.com/id/1033649	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_archer_grc:5.5.0:::::::*
	cpe:2.3:a:emc:rsa_archer_grc:5.5.1:::::::*
	cpe:2.3:a:emc:rsa_archer_grc:5.5.2:::::::*

History

No history.

Information

Published : 2015-09-26 01:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-4542

Mitre link : CVE-2015-4542

CVE.ORG link : CVE-2015-4542

JSON object : View

Products Affected

emc

rsa_archer_grc

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-4542", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-26T01:59:04.533", "references": [{"url": "http://packetstormsecurity.com/files/133682/RSA-Archer-GRC-5.5.3-XSS-Improper-Authorization-Information-Disclosure.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://seclists.org/bugtraq/2015/Sep/105", "tags": ["Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1033649", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad en EMC RSA Archer GRC 5.x en versiones anteriores a 5.5.3, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y leer o modificar los mensajes Discussion Forum Fields, a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-12-08T18:52:49.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer_grc:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50B6155A-3848-4B95-BE47-B7203A4FA22E"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_grc:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70C0ACBF-DF4A-4235-A925-6EFF5F19E8E4"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_grc:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2416FC38-562D-40DE-97AE-F7181ABE9A41"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}