CVE-2016-8006

Name of the Vulnerable Software and Affected Versions McAfee Security Information and Event Management (SIEM) version 9.6.0 MR3

Description An issue in McAfee Security Information and Event Management (SIEM) allows an administrator to bypass authentication and make changes to other SIEM users' information, including user passwords, without providing the current administrator password a second time via the GUI or GUI terminal commands.

Recommendations For McAfee Security Information and Event Management (SIEM) version 9.6.0 MR3, consider restricting access to user information management features until a fix is available. As a temporary workaround, limit the use of the GUI and GUI terminal commands for making changes to user passwords to minimize the risk of exploitation.