mcafee vulnerability manager vulnerabilities and exploits

(subscribe to this query)

6.8

CVSSv2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and previous versions allow remote malicious users to hijack the authentication of users for requests that modify HTML via unspecified vectors related ...

Mcafee Vulnerability Manager 7.5.4 Mcafee Vulnerability Manager 7.0.11 Mcafee Vulnerability Manager

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Mcafee Vulnerability Manager 7.0.11 Mcafee Vulnerability Manager Mcafee Vulnerability Manager 7.5.4

6.8

CVSSv2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that have unspecif...

Mcafee Vulnerability Manager

6.8

CVSSv2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) prior to 7.5.10 allow remote malicious users to hijack the authentication of administrators for requests tha...

Mcafee Vulnerability Manager

4

CVSSv2

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and previous versions allows malicious users to more easily decrypt user passwords via brute force attacks against the database.

Mcafee Vulnerability Manager

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote malicious users to inject arbitrary web script or HTML via the cert_cn cookie parameter.

Mcafee Vulnerability Manager 7.5

1 EDB exploit

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) prior to 5.1.11.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.

Mcafee Intrushield Network Security Manager 5.1.7.73 Mcafee Intrushield Network Security Manager 5.1.7.7 Mcafee Intrushield Network Security Manager

2 EDB exploits

4.3

CVSSv2

McAfee IntruShield Network Security Manager (NSM) prior to 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote malicious users to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

Mcafee Intrushield Network Security Manager 5.1.7.73 Mcafee Intrushield Network Security Manager 5.1.7.7 Mcafee Intrushield Network Security Manager

1 EDB exploit

3.5

CVSSv2

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) before 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

Mcafee Network Security Manager 9.1 Mcafee Network Security Manager

4.3

CVSSv2

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) prior to 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the...

Mcafee Cloud Identity Manager 3.0 Mcafee Cloud Identity Manager 3.1 Mcafee Cloud Identity Manager 3.5.1 Mcafee Cloud Single Sign On 4.0.0 Intel Expressway Cloud Access 360 2.1 Intel Expressway Cloud Access 360 2.5

Get Started

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook