CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7612
https://notcve.org/view.php?id=CVE-2015-7612
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. Múltiples vulnerabilidades de CSRF en la página Organizations en Enterprise Manager en McAfee Vulnerability Manager (MVM) 7.5.9 y versiones anteriores, permite a atacantes remotos secuestrar la autenticación de administradores por peticiones que tienen un impacto no especificado a través de vectores desconocidos. • http://www.securitytracker.com/id/1033682 https://kc.mcafee.com/corporate/index?page=content&id=SB10135 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7310
https://notcve.org/view.php?id=CVE-2015-7310
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. Vulnerabilidad en McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM) y Enterprise Security Manager/Receiver (ESMREC) en versiones anteriores a 9.3.2MR18, 9.4.x en versiones anteriores a 9.4.2MR8 y 9.5.x en versiones anteriores a 9.5.0MR7, permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a través de un nombre de archivo manipulado que no es manejado correctamente al descargar el archivo. • http://www.securitytracker.com/id/1033654 https://kc.mcafee.com/corporate/index?page=content&id=SB10133 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7238
https://notcve.org/view.php?id=CVE-2015-7238
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. Vulnerabilidad en el servidor Secondary en Threat Intelligence Exchange (TIE) en versiones anteriores a 1.2.0, utiliza permisos débiles para (1) archivos de configuración y (2) registros de instalación no especificados, lo que permite a usuarios locales obtener información sensible mediante la lectura de los archivos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10132 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7237
https://notcve.org/view.php?id=CVE-2015-7237
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en salto de directorio en la funcionalidad de visualización de registro remoto en McAfee Agent (MA) 5.x en versiones anteriores a 5.0.2, permite a atacantes remotos obtener información sensible a través de vectores no especificados . • http://www.securitytracker.com/id/1033450 https://kc.mcafee.com/corporate/index?page=content&id=SB10130 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 22EXPL: 0CVE-2015-2859
https://notcve.org/view.php?id=CVE-2015-2859
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Intel McAfee ePolicy Orchestrator (ePO) 4.x hasta 4.6.9 y 5.x hasta 5.1.2 no valida los nombres de servidores y los nombres de de autoridades certificadoras en los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/264092 http://www.securityfocus.com/bid/75020 http://www.securitytracker.com/id/1032571 https://kc.mcafee.com/corporate/index?page=content&id=KB84628 https://kc.mcafee.com/corporate/index?page=content&id=SB10120 • CWE-310: Cryptographic Issues •