// For flags

CVE-2015-7310

 

Severity Score

6.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.

Vulnerabilidad en McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM) y Enterprise Security Manager/Receiver (ESMREC) en versiones anteriores a 9.3.2MR18, 9.4.x en versiones anteriores a 9.4.2MR8 y 9.5.x en versiones anteriores a 9.5.0MR7, permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a través de un nombre de archivo manipulado que no es manejado correctamente al descargar el archivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-09-22 CVE Reserved
  • 2015-09-22 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager
Search vendor "Mcafee" for product "Enterprise Security Manager"
<= 9.3.2
Search vendor "Mcafee" for product "Enterprise Security Manager" and version " <= 9.3.2"
mr17
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager
Search vendor "Mcafee" for product "Enterprise Security Manager"
<= 9.4.2
Search vendor "Mcafee" for product "Enterprise Security Manager" and version " <= 9.4.2"
mr7
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager
Search vendor "Mcafee" for product "Enterprise Security Manager"
<= 9.5.0
Search vendor "Mcafee" for product "Enterprise Security Manager" and version " <= 9.5.0"
mr6
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager\/log Manager
Search vendor "Mcafee" for product "Enterprise Security Manager\/log Manager"
<= 9.3.2
Search vendor "Mcafee" for product "Enterprise Security Manager\/log Manager" and version " <= 9.3.2"
mr17
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager\/log Manager
Search vendor "Mcafee" for product "Enterprise Security Manager\/log Manager"
<= 9.4.2
Search vendor "Mcafee" for product "Enterprise Security Manager\/log Manager" and version " <= 9.4.2"
mr7
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager\/log Manager
Search vendor "Mcafee" for product "Enterprise Security Manager\/log Manager"
<= 9.5.0
Search vendor "Mcafee" for product "Enterprise Security Manager\/log Manager" and version " <= 9.5.0"
mr6
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager\/receiver
Search vendor "Mcafee" for product "Enterprise Security Manager\/receiver"
<= 9.3.2
Search vendor "Mcafee" for product "Enterprise Security Manager\/receiver" and version " <= 9.3.2"
mr17
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager\/receiver
Search vendor "Mcafee" for product "Enterprise Security Manager\/receiver"
<= 9.4.2
Search vendor "Mcafee" for product "Enterprise Security Manager\/receiver" and version " <= 9.4.2"
mr7
Affected
Mcafee
Search vendor "Mcafee"
Enterprise Security Manager\/receiver
Search vendor "Mcafee" for product "Enterprise Security Manager\/receiver"
<= 9.5.0
Search vendor "Mcafee" for product "Enterprise Security Manager\/receiver" and version " <= 9.5.0"
mr6
Affected