Lucene search

[email protected]NVD:CVE-2014-2390

HistoryAug 29, 2014 - 4:55 p.m.

CVE-2014-2390

2014-08-2916:55:10

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.

Affected configurations

NVD

Node

mcafeenetwork_security_managerRange6.1.15–6.1.15.39

mcafeenetwork_security_managerRange7.1.5–7.1.5.15

mcafeenetwork_security_managerRange7.1.15–7.1.15.7

mcafeenetwork_security_managerRange7.5.5–7.5.5.9

mcafeenetwork_security_managerRange8.1.7–8.1.7.3

References

www.securitytracker.com/id/1030674

kc.mcafee.com/corporate/index?page=content&id=SB10081

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.4%

JSON

Related for NVD:CVE-2014-2390

cvelist1 cve1 prion1