Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000033247 - RSA Via Lifecycle & Governance Information Defined in User Detail Popups

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000033247
Applies To	RSA Product Set: RSA Via Lifecycle & Governance RSA Product/Service Type: Identity Management and Governance RSA Version/Condition: 6.8.1 P01 - P24, 6.9.1 P01 - P14, 7.0.0 P01 - P03
Issue	Due to a potential security vulnerability in RSA Via Lifecycle & Governance (RSA Via L&G) the product now restricts how much information about a user is displayed in the Edit Attributes pop-up screen.. If a user that is privileged to see the user opens the Edit Attributes pop-up screen, all attributes are displayed. For non-privileged users, only the user’s name, title, business unit and availability status are shown. Prior to this change, non-privileged users could access this view allowing them to view all the details for users they were not authorized to view.
Cause	Lack of security checks when display the user dialog.
Resolution	The following RSA Via Lifecycle and Governance releases contain resolutions to these vulnerabilities: RSA Identity Management and Governance 6.8.1 P25 RSA Identity Management and Governance 6.9.1 P15, and RSA Via Lifecycle and Governance 7.0.0 P04
Workaround	There is no work around for this issue. Please patch to the listed versions.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

How to show/hide attributes in Popups?