Vulnerability Details CVE-2016-0899
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.4%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 3.5
Products affected by CVE-2016-0899
- cpe:2.3:a:emc:rsa_archer_egrc:5.5
- cpe:2.3:a:emc:rsa_archer_egrc:5.5.1
- cpe:2.3:a:emc:rsa_archer_egrc:5.5.1.3
- cpe:2.3:a:emc:rsa_archer_egrc:5.5.2.3