CVE-2016-0918
Description
RSA Identity Management and Governance and Via Lifecycle and Governance allow authenticated users to view restricted user details via a crafted URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
RSA Identity Management and Governance and Via Lifecycle and Governance allow authenticated users to view restricted user details via a crafted URL.
Vulnerability
The vulnerability exists in RSA Identity Management and Governance (IDMG) and RSA Via Lifecycle and Governance. In IDMG versions before 6.8.1 P25 and 6.9.x before 6.9.1 P15, and Via Lifecycle and Governance before 7.0.0 P04, a remote authenticated user can obtain User Detail Popup information by manipulating a URL [1]. The issue arises from insufficient access control checks on the endpoint serving user detail popups.
Exploitation
An attacker must have valid authentication credentials for the affected system. By crafting a modified URL, the attacker can request User Detail Popup information that would normally be restricted [1]. No additional privileges or user interaction are required beyond authentication.
Impact
Successful exploitation allows the attacker to view User Detail Popup information, which may include sensitive user details such as personal data or role assignments [1]. The impact is limited to information disclosure; the attacker does not gain administrative control or ability to modify data.
Mitigation
EMC released fixes in IDMG 6.8.1 P25, 6.9.1 P15, and Via Lifecycle and Governance 7.0.0 P04 [1]. Users should upgrade to these versions or later. No workarounds are documented in the available reference [1]. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:emc:rsa_identity_management_and_governance:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:emc:rsa_identity_management_and_governance:*:*:*:*:*:*:*:*range: <=6.8.1
- cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_identity_management_and_governance:6.9.1:*:*:*:*:*:*:*
- (no CPE)range: <6.8.1 P25
- cpe:2.3:a:emc:rsa_via_lifecycle_and_governance:*:*:*:*:*:*:*:*Range: <=7.0.0
- Range: <7.0.0 P04
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- seclists.org/bugtraq/2016/Sep/52nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/93108nvd
- www.securitytracker.com/id/1036896nvd
News mentions
0No linked articles in our index yet.