CVE-2016-0899
published 2016-07-04


Priority: P429 | medium | 6.3 (CVSS 3.0)
Vector: AV:N / AC:H / PR:L / UI:N / S:C / C:H / I:N / A:N
EPSS: 0.83% (52.9th percentile)
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
emc | rsa_archer_egrc | |
emc | rsa_archer_egrc | |
emc | rsa_archer_egrc | |
emc | rsa_archer_egrc | |

CVSS provenance

nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N
ghsa | 7.5 | HIGH
vendor_redhat | 7.5 | HIGH