A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.
A backup file is stored in a directory or archive that is made accessible to unauthorized actors.