PT-2014-4768 · Mcafee+1 · Mcafee Cloud Single Sign On+2
Published
2014-03-18
·
Updated
2014-04-01
·
CVE-2014-2536
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
McAfee Cloud Identity Manager versions 3.0 through 3.5.1
McAfee Cloud Single Sign On (MCSSO) versions prior to 4.0.1
Intel Expressway Cloud Access 360-SSO versions 2.1 through 2.5
Description
A directory traversal issue allows remote authenticated users to read a file containing a hash of the administrator password.
Recommendations
For McAfee Cloud Identity Manager versions 3.0 through 3.5.1, update to a version outside of the affected range.
For McAfee Cloud Single Sign On (MCSSO) versions prior to 4.0.1, update to version 4.0.1 or later.
For Intel Expressway Cloud Access 360-SSO versions 2.1 through 2.5, consider restricting access to sensitive files until a patch is available.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Expressway Cloud Access 360-Sso
Mcafee Cloud Identity Manager
Mcafee Cloud Single Sign On