Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2586

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2586
Last Modified 24 Mar 2014 06:15:40
Published 24 Mar 2014 12:38:59
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2586

Summary

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

Vulnerable Systems

Application

  • Mcafee Cloud Single Sign On -


References

MISC - https://twitter.com/BrandonPrry/status/445969380656943104

BID - 66302

EXPLOIT-DB - 32368

FULLDISC - 20140318 McAfee Cloud SSO and McAfee Asset Manager vulns

MISC - http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html


Last Updated: 27 May 2016 11:04:46