CVE-2018-1219

EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2018/Mar/12	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/103319	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040457	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:rsa_archer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-08 15:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-1219

Mitre link : CVE-2018-1219

CVE.ORG link : CVE-2018-1219

JSON object : View

Products Affected

emc

rsa_archer

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-1219", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-03-08T15:29:00.673", "references": [{"url": "http://seclists.org/fulldisclosure/2018/Mar/12", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/103319", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1040457", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks."}, {"lang": "es", "value": "EMC RSA Archer, en versiones anteriores a la 6.2.0.8, contiene una vulnerabilidad de control de acceso incorrecto en una API que se utiliza para enumerar la informaci\u00f3n de usuario. Un usuario malicioso remoto autenticado podr\u00eda explotar esta vulnerabilidad para reunir informaci\u00f3n sobre la base de usuarios y podr\u00eda utilizar esta informaci\u00f3n en futuros ataques."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37D0283-A8DF-46DC-8A8B-7694B15008F7", "versionEndExcluding": "6.2.0.8"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}