PT-2017-5764 · Mcafee · Mcafee Saas Control Console (Scc) Platform

Publicado

2017-03-14

Atualizado

2017-03-29

CVE-2013-7462

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: McAfee SaaS Control Console (SCC) Platform versions 6.14 through 6.14 before patch 1070 McAfee SaaS Control Console (SCC) Platform versions 6.15 through 6.15 before patch 1076

Description: A directory traversal issue in the web application allows unauthenticated users to view the contents of arbitrary system files without file system level read access restrictions. This is achieved through a null-byte injection exploit.

Recommendations: For McAfee SaaS Control Console (SCC) Platform version 6.14, apply patch 1070 to resolve the issue. For McAfee SaaS Control Console (SCC) Platform version 6.15, apply patch 1076 to resolve the issue.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2013-7462

Produtos afetados

Mcafee Saas Control Console (Scc) Platform

PT-2017-5764 · Mcafee · Mcafee Saas Control Console (Scc) Platform

CVE-2013-7462

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2