Vulnerabilites related to mcafee - vulnerability_manager
cve-2015-8989
Vulnerability from cvelistv5
Published
2017-03-14 22:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10117 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel | McAfee Vulnerability Manager (MVM) |
Version: 7.5.8 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Vulnerability Manager (MVM)",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "7.5.8 and earlier"
}
]
}
],
"datePublic": "2015-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsalted password vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T21:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2015-8989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Vulnerability Manager (MVM)",
"version": {
"version_data": [
{
"version_value": "7.5.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsalted password vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10117",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2015-8989",
"datePublished": "2017-03-14T22:00:00",
"dateReserved": "2017-02-27T00:00:00",
"dateUpdated": "2024-08-06T08:36:31.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7612
Vulnerability from cvelistv5
Published
2015-10-01 20:00
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10135 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1033682 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10135"
},
{
"name": "1033682",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-01T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10135"
},
{
"name": "1033682",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10135",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10135"
},
{
"name": "1033682",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7612",
"datePublished": "2015-10-01T20:00:00Z",
"dateReserved": "2015-10-01T00:00:00Z",
"dateUpdated": "2024-09-16T20:21:24.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1473
Vulnerability from cvelistv5
Published
2014-01-16 02:00
Modified
2024-08-06 09:42
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/56394 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/64795 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1029591 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90245 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/101939 | vdb-entry, x_refsource_OSVDB | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10061 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56394"
},
{
"name": "64795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64795"
},
{
"name": "1029591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029591"
},
{
"name": "mcafee-vm-unspec-csrf(90245)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90245"
},
{
"name": "101939",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101939"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the \"response web page.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "56394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56394"
},
{
"name": "64795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64795"
},
{
"name": "1029591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029591"
},
{
"name": "mcafee-vm-unspec-csrf(90245)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90245"
},
{
"name": "101939",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101939"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the \"response web page.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56394"
},
{
"name": "64795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64795"
},
{
"name": "1029591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029591"
},
{
"name": "mcafee-vm-unspec-csrf(90245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90245"
},
{
"name": "101939",
"refsource": "OSVDB",
"url": "http://osvdb.org/101939"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1473",
"datePublished": "2014-01-16T02:00:00",
"dateReserved": "2014-01-15T00:00:00",
"dateUpdated": "2024-08-06T09:42:35.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5094
Vulnerability from cvelistv5
Published
2014-01-28 17:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.tenable.com/plugins/index.php?view=single&id=65738 | x_refsource_MISC | |
| http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=KB77772 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/58401 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tenable.com/plugins/index.php?view=single\u0026id=65738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB77772"
},
{
"name": "58401",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tenable.com/plugins/index.php?view=single\u0026id=65738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB77772"
},
{
"name": "58401",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"name": "http://www.tenable.com/plugins/index.php?view=single\u0026id=65738",
"refsource": "MISC",
"url": "http://www.tenable.com/plugins/index.php?view=single\u0026id=65738"
},
{
"name": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html",
"refsource": "MISC",
"url": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB77772",
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB77772"
},
{
"name": "58401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5094",
"datePublished": "2014-01-28T17:00:00",
"dateReserved": "2013-08-09T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2199
Vulnerability from cvelistv5
Published
2016-02-01 21:00
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10147 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-01T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10147",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2199",
"datePublished": "2016-02-01T21:00:00Z",
"dateReserved": "2016-02-01T00:00:00Z",
"dateUpdated": "2024-09-16T17:58:29.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1472
Vulnerability from cvelistv5
Published
2014-01-16 02:00
Modified
2024-08-06 09:42
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/56394 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/64795 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1029591 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90244 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/101940 | vdb-entry, x_refsource_OSVDB | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10061 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56394"
},
{
"name": "64795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64795"
},
{
"name": "1029591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029591"
},
{
"name": "mcafee-vm-unspec-xss(90244)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
},
{
"name": "101940",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101940"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "56394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56394"
},
{
"name": "64795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64795"
},
{
"name": "1029591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029591"
},
{
"name": "mcafee-vm-unspec-xss(90244)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
},
{
"name": "101940",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101940"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56394"
},
{
"name": "64795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64795"
},
{
"name": "1029591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029591"
},
{
"name": "mcafee-vm-unspec-xss(90244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
},
{
"name": "101940",
"refsource": "OSVDB",
"url": "http://osvdb.org/101940"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1472",
"datePublished": "2014-01-16T02:00:00",
"dateReserved": "2014-01-15T00:00:00",
"dateUpdated": "2024-08-06T09:42:35.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-02-01 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | vulnerability_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D764B6-F738-4D21-A2E2-85D6F603863A",
"versionEndIncluding": "7.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en la p\u00e1gina de gesti\u00f3n Organizations and Remediation en Enterprise Manager en McAfee Vulnerability Manager (MVM) en versiones anteriores a 7.5.10 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores por peticiones que tienen un impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-2199",
"lastModified": "2024-11-21T02:48:01.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-01T21:59:04.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10147"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-01 20:59
Modified
2024-11-21 02:37
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | vulnerability_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D764B6-F738-4D21-A2E2-85D6F603863A",
"versionEndIncluding": "7.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en la p\u00e1gina Organizations en Enterprise Manager en McAfee Vulnerability Manager (MVM) 7.5.9 y versiones anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores por peticiones que tienen un impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-7612",
"lastModified": "2024-11-21T02:37:03.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-01T20:59:08.740",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1033682"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10135"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-16 05:05
Modified
2024-11-21 02:04
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | vulnerability_manager | * | |
| mcafee | vulnerability_manager | 7.0.11 | |
| mcafee | vulnerability_manager | 7.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1D142-EABA-4554-AFD6-6962BDA86D15",
"versionEndIncluding": "7.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4227EA74-8DAA-43B4-8F00-8DC147C19687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D5C396-D66E-4976-AB79-71D828EB541C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the \"response web page.\""
},
{
"lang": "es",
"value": "Multiples vulnerabilidades cross-site request forgery (CSRF) en Enterprise Manager en McAfee Vulnerability Managery (MVM) 7.5.5 y anteriores que permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para las peticiones que modifican HTML a trav\u00e9s de vectores no especificados relacionados con la \"respuesta de p\u00e1gina Web \""
}
],
"id": "CVE-2014-1473",
"lastModified": "2024-11-21T02:04:19.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-16T05:05:26.663",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/101939"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64795"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029591"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90245"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-14 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | vulnerability_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62A41E3B-F8BD-4D0F-8CA2-35FCA727C92C",
"versionEndIncluding": "7.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database."
},
{
"lang": "es",
"value": "Vulnerabilidad de contrase\u00f1a sin sal en el componente Enterprise Manager (portal web) en Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 y versiones anteriores permite a los atacantes descifrar m\u00e1s f\u00e1cilmente las contrase\u00f1as de usuario a trav\u00e9s de ataques de fuerza bruta contra la base de datos."
}
],
"id": "CVE-2015-8989",
"lastModified": "2024-11-21T02:39:37.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-14T22:59:00.447",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10117"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-16 05:05
Modified
2024-11-21 02:04
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | vulnerability_manager | * | |
| mcafee | vulnerability_manager | 7.0.11 | |
| mcafee | vulnerability_manager | 7.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1D142-EABA-4554-AFD6-6962BDA86D15",
"versionEndIncluding": "7.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4227EA74-8DAA-43B4-8F00-8DC147C19687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D5C396-D66E-4976-AB79-71D828EB541C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Enterprise Manager de McAfee Vulnerability Manager (MVM) 7.5.5 y anteriores versiones permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1472",
"lastModified": "2024-11-21T02:04:19.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-16T05:05:26.600",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/101940"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64795"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029591"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-28 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | vulnerability_manager | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "512F84AA-980D-4B43-982D-A2E123C85290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en index.exp de McAfee Vulnerability Manager 7.5 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro cookie cert_cn."
}
],
"id": "CVE-2013-5094",
"lastModified": "2024-11-21T01:57:00.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-28T17:55:04.013",
"references": [
{
"source": "cve@mitre.org",
"url": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/58401"
},
{
"source": "cve@mitre.org",
"url": "http://www.tenable.com/plugins/index.php?view=single\u0026id=65738"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB77772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tenable.com/plugins/index.php?view=single\u0026id=65738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB77772"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}