CVE-2014-1473

2014-01-1605:05:26

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-1473

csrf

mcafee

vulnerability manager

enterprise manager

html

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the “response web page.”

Affected configurations

NVD

Node

mcafeevulnerability_managerRange≤7.5.5

mcafeevulnerability_managerMatch7.0.11

mcafeevulnerability_managerMatch7.5.4

CPENameOperatorVersion
mcafee:vulnerability_managermcafee vulnerability managerle7.5.5
mcafee:vulnerability_managermcafee vulnerability managereq7.0.11
mcafee:vulnerability_managermcafee vulnerability managereq7.5.4

CPE	Name	Operator	Version
mcafee:vulnerability_manager	mcafee vulnerability manager	le	7.5.5
mcafee:vulnerability_manager	mcafee vulnerability manager	eq	7.0.11
mcafee:vulnerability_manager	mcafee vulnerability manager	eq	7.5.4