|Applies To||RSA Product Set: RSA Via Lifecycle & Governance|
RSA Product/Service Type: Identity Management and Governance
RSA Version/Condition: 6.8.1 P01 - P24, 6.9.1 P01 - P14, 7.0.0 P01 - P03
|Issue||Due to a potential security vulnerability in RSA Via Lifecycle & Governance (RSA Via L&G) the product now restricts how much information about a user is displayed in the Edit Attributes pop-up screen.. If a user that is privileged to see the user opens the Edit Attributes pop-up screen, all attributes are displayed. For non-privileged users, only the user’s name, title, business unit and availability status are shown.|
Prior to this change, non-privileged users could access this view allowing them to view all the details for users they were not authorized to view.
|Cause||Lack of security checks when display the user dialog.|
|Resolution||The following RSA Via Lifecycle and Governance releases contain resolutions to these vulnerabilities:|
|Workaround||There is no work around for this issue. Please patch to the listed versions.|