Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2588

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-2588
Last Modified 01 Apr 2014 02:29:39
Published 24 Mar 2014 12:38:59
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-2588

Summary

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.

Vulnerable Systems

Application

  • Mcafee Asset Manager 6.6


References

SECTRACK - 1029927

BID - 66302

OSVDB - 104633

EXPLOIT-DB - 32368

FULLDISC - 20140318 McAfee Cloud SSO and McAfee Asset Manager vulns

MISC - http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html

XF - mcafee-asset-dir-traversal(91930)


Last Updated: 27 May 2016 11:04:48