6 matches found
CVE-2015-7612
McAfee Vulnerability Manager (MVM) Enterprise Manager up to version 7.5.9 has CSRF vulnerabilities on the Organizations page. The root cause is cross-site request forgery, enabling remote attackers to hijack administrator authentication for requests with unspecified impact via unknown vectors. Th...
CVE-2014-1473
McAfee Vulnerability Manager (Enterprise Manager) is affected by CVE-2014-1473, with multiple CSRF issues leading to hijacking of user authentication for HTML-modifying requests. The affected versions include MVM 7.0.x prior to 7.0.11.05002, 7.5.x prior to 7.5.4, 7.5.4 prior to 7.5.4.05007, and 7...
CVE-2014-1472
CVE-2014-1472 affects McAfee Vulnerability Manager (MVM) Enterprise Manager. Multiple XSS vulnerabilities exist in MVM 7.5.5 and earlier, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. Exploitation details, affected build ranges, and exact impact beyond ...
CVE-2013-5094
CVE-2013-5094 is an XSS vulnerability in McAfee Vulnerability Manager 7.5, caused by unsafe handling in the index.exp script via the cert_cn cookie parameter. The vulnerability allows a remote attacker to inject and execute arbitrary script in a user’s browser. Public references note this as a cr...
CVE-2015-8989
McAfee Vulnerability Manager (MVM) – Enterprise Manager web portal is affected by CVE-2015-8989. The vulnerability stems from unsalted passwords stored for user accounts, enabling attackers to brute-force passwords against the MVM database. Affected: McAfee Vulnerability Manager prior to version ...
CVE-2016-2199
CVE-2016-2199 describes multiple CSRF vulnerabilities in the McAfee Vulnerability Manager (MVM) Enterprise Manager component, specifically on the Organizations and Remediation management page. The issues allow remote attackers to hijack administrator sessions for requests via unknown vectors, aff...