PT-2014-4768 · Mcafee+1 · Mcafee Cloud Single Sign On+2

Publicado

2014-03-18

Atualizado

2014-04-01

CVE-2014-2536

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions McAfee Cloud Identity Manager versions 3.0 through 3.5.1 McAfee Cloud Single Sign On (MCSSO) versions prior to 4.0.1 Intel Expressway Cloud Access 360-SSO versions 2.1 through 2.5

Description A directory traversal issue allows remote authenticated users to read a file containing a hash of the administrator password.

Recommendations For McAfee Cloud Identity Manager versions 3.0 through 3.5.1, update to a version outside of the affected range. For McAfee Cloud Single Sign On (MCSSO) versions prior to 4.0.1, update to version 4.0.1 or later. For Intel Expressway Cloud Access 360-SSO versions 2.1 through 2.5, consider restricting access to sensitive files until a patch is available.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2014-2536

Produtos afetados

Intel Expressway Cloud Access 360-Sso

Mcafee Cloud Identity Manager

Mcafee Cloud Single Sign On

PT-2014-4768 · Mcafee+1 · Mcafee Cloud Single Sign On+2

CVE-2014-2536

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5