6 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database. Vulnerabilidad de contraseña sin sal en el componente Enterprise Manager (portal web) en Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 y versiones anteriores permite a los atacantes descifrar más fácilmente las contraseñas de usuario a través de ataques de fuerza bruta contra la base de datos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10117 • CWE-310: Cryptographic Issues •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. Múltiples vulnerabilidades de CSRF en la página de gestión Organizations and Remediation en Enterprise Manager en McAfee Vulnerability Manager (MVM) en versiones anteriores a 7.5.10 permiten a atacantes remotos secuestrar la autenticación de administradores por peticiones que tienen un impacto no especificado a través de vectores desconocidos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10147 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. Múltiples vulnerabilidades de CSRF en la página Organizations en Enterprise Manager en McAfee Vulnerability Manager (MVM) 7.5.9 y versiones anteriores, permite a atacantes remotos secuestrar la autenticación de administradores por peticiones que tienen un impacto no especificado a través de vectores desconocidos. • http://www.securitytracker.com/id/1033682 https://kc.mcafee.com/corporate/index?page=content&id=SB10135 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter. Vulnerabilidad de XSS en index.exp de McAfee Vulnerability Manager 7.5 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro cookie cert_cn. • https://www.exploit-db.com/exploits/38368 http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html http://www.securityfocus.com/bid/58401 http://www.tenable.com/plugins/index.php?view=single&id=65738 https://kc.mcafee.com/corporate/index?page=content&id=KB77772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en Enterprise Manager de McAfee Vulnerability Manager (MVM) 7.5.5 y anteriores versiones permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores no especificados. • http://osvdb.org/101940 http://secunia.com/advisories/56394 http://www.securityfocus.com/bid/64795 http://www.securitytracker.com/id/1029591 https://exchange.xforce.ibmcloud.com/vulnerabilities/90244 https://kc.mcafee.com/corporate/index?page=content&id=SB10061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •