Vulnerabilities > McAfee > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-08-29 CVE-2014-2390 Cross-Site Request Forgery (CSRF) vulnerability in McAfee Network Security Manager
Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39, 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.
network
mcafee CWE-352
6.8
2014-03-24 CVE-2014-2588 Path Traversal vulnerability in McAfee Asset Manager 6.6
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
mcafee CWE-22
4.0
2014-03-24 CVE-2014-2587 SQL Injection vulnerability in McAfee Asset Manager 6.6
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
network
low complexity
mcafee CWE-89
6.5
2014-03-24 CVE-2014-2586 Cross-Site Scripting vulnerability in McAfee Cloud Single Sign On
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
network
mcafee CWE-79
4.3
2014-03-18 CVE-2014-2536 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.
network
intel mcafee CWE-22
4.3
2014-03-18 CVE-2014-2535 Path Traversal vulnerability in McAfee Web Gateway 7.2.0.9/7.3.2.4/7.4.0
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.
network
low complexity
mcafee CWE-22
4.0
2014-02-26 CVE-2014-2205 Permissions, Privileges, and Access Controls vulnerability in McAfee ePolicy Orchestrator
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
network
mcafee CWE-264
6.3
2014-01-28 CVE-2013-5094 Cross-Site Scripting vulnerability in McAfee Vulnerability Manager 7.5
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
network
mcafee CWE-79
4.3
2014-01-21 CVE-2013-4884 Cross-Site Scripting vulnerability in McAfee SuperScan 4.0
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
network
mcafee CWE-79
4.3
2014-01-16 CVE-2014-1473 Cross-Site Request Forgery (CSRF) vulnerability in McAfee Vulnerability Manager 7.0.11/7.5.4/7.5.5
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."
network
mcafee CWE-352
6.8