Article Content
Article Number | 000033247 |
Applies To | RSA Product Set: RSA Via Lifecycle & Governance; RSA Product/Service Type: Identity Management and Governance; RSA Version/Condition: 6.8.1 P01 - P24, 6.9.1 P01 - P14, 7.0.0 P01 - P03 |
Issue | Due to a potential security vulnerability in RSA Via Lifecycle & Governance (RSA Via L&G), the product now restricts how much information about a user is displayed in the Edit Attributes pop-up screen. If a user who is privileged to see that user opens the Edit Attributes pop-up screen, all attributes are displayed. For non-privileged users, only the user’s name, title, business unit and availability status are shown. Prior to this change, non-privileged users could access this view, which allowed them to see all the details of users they were not authorized to view. |
Cause | Lack of security checks when displaying the user dialog. |
Resolution | The following RSA Via Lifecycle and Governance releases contain resolutions to these vulnerabilities:
|
Workaround | There is no workaround for this issue. Please patch to the listed versions. |