EMC RSA Archer GRC 5.5.x prior to 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
emc rsa archer egrc 5.5 |
||
emc rsa archer egrc 5.5.1 |
||
emc rsa archer egrc 5.5.2.3 |
||
emc rsa archer egrc 5.5.1.3 |