CVE-2015-8024

Name of the Vulnerable Software and Affected Versions McAfee Enterprise Security Manager (ESM) versions 9.3.x through 9.3.2MR18 McAfee Enterprise Security Manager (ESM) versions 9.4.x through 9.4.2MR8 McAfee Enterprise Security Manager (ESM) versions 9.5.x through 9.5.0MR7 McAfee Enterprise Security Manager/Log Manager (ESMLM) versions 9.3.x through 9.3.2MR18 McAfee Enterprise Security Manager/Log Manager (ESMLM) versions 9.4.x through 9.4.2MR8 McAfee Enterprise Security Manager/Log Manager (ESMLM) versions 9.5.x through 9.5.0MR7 McAfee Enterprise Security Manager/Receiver (ESMREC) versions 9.3.x through 9.3.2MR18 McAfee Enterprise Security Manager/Receiver (ESMREC) versions 9.4.x through 9.4.2MR8 McAfee Enterprise Security Manager/Receiver (ESMREC) versions 9.5.x through 9.5.0MR7

Description The issue allows remote attackers to bypass authentication by logging in with a specific username and any password when configured to use Active Directory or LDAP authentication sources.

Recommendations For versions 9.3.x, update to 9.3.2MR19 or later. For versions 9.4.x, update to 9.4.2MR9 or later. For versions 9.5.x, update to 9.5.0MR8 or later.