CVE-2014-2536

2014-03-1817:04:18

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-2536

directory traversal

vulnerability

mcafee cloud identity manager

mcsso

intel expressway cloud access 360-sso

remote authenticated users

information security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.5%

JSON

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.

Affected configurations

NVD

Node

intelexpressway_cloud_access_360Match2.1

intelexpressway_cloud_access_360Match2.5

mcafeecloud_identity_managerMatch3.0

mcafeecloud_identity_managerMatch3.1

mcafeecloud_identity_managerMatch3.5.1

mcafeecloud_single_sign_onMatch4.0.0

CPENameOperatorVersion
intel:expressway_cloud_access_360intel expressway cloud access 360eq2.1
intel:expressway_cloud_access_360intel expressway cloud access 360eq2.5
mcafee:cloud_identity_managermcafee cloud identity managereq3.0
mcafee:cloud_identity_managermcafee cloud identity managereq3.1
mcafee:cloud_identity_managermcafee cloud identity managereq3.5.1
mcafee:cloud_single_sign_onmcafee cloud single sign oneq4.0.0

CPE	Name	Operator	Version
intel:expressway_cloud_access_360	intel expressway cloud access 360	eq	2.1
intel:expressway_cloud_access_360	intel expressway cloud access 360	eq	2.5
mcafee:cloud_identity_manager	mcafee cloud identity manager	eq	3.0
mcafee:cloud_identity_manager	mcafee cloud identity manager	eq	3.1
mcafee:cloud_identity_manager	mcafee cloud identity manager	eq	3.5.1
mcafee:cloud_single_sign_on	mcafee cloud single sign on	eq	4.0.0