Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2053

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-2053
Last Modified 09 Mar 2015 10:00:23
Published 23 Feb 2015 12:59:10
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2053

Summary

The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.

Vulnerable Systems

Application

  • Mcafee Agent 4.8.0

  • Mcafee Agent 5.0.0


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10094

SECTRACK - 1031821


Last Updated: 27 May 2016 11:07:55