CVE-2016-8006

Sažetak

Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands.

Reference

http://www.quantumleap.it/mcafee-siem-esm-esmrec-authentication-bypass-vulnerability/
http://www.securityfocus.com/bid/95313
https://kc.mcafee.com/corporate/index?page=content&id=KB87744
https://www.narthar.it/DOC/McAfee_SIEM_9.6_Authentication_bypass_vulnerability.html

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-01-2017 - 02:59

Objavljeno

05-01-2017 - 22:59