Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2014-2588

Published: 24/03/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Asset Manager

Vulnerability Summary

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

mcafee asset manager 6.6

Exploits

Exploit DB: McAfee Asset Manager 6.6 - Multiple Vulnerabilities
Cloud SSO is vuln to unauthed XSS in the authentication audit form: twittercom/BrandonPrry/status/445969380656943104 McAfee Asset Manager v66 multiple vulnerabilities wwwmcafeecom/us/products/asset-manageraspx Authenticated arbitrary file read An unprivileged authenticated user can download arbitrary files with the permissio ...

References

CWE-22http://www.osvdb.org/104633http://www.securitytracker.com/id/1029927http://seclists.org/fulldisclosure/2014/Mar/325http://www.securityfocus.com/bid/66302http://www.exploit-db.com/exploits/32368http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91930https://nvd.nist.govhttps://www.exploit-db.com/exploits/32368/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-35977CVE-2023-49335man-in-the-middleCVE-2024-4947CVE-2024-31714memory leakSQLCVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook