Vulnerability Details CVE-2005-2187
McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v2 Score 4.6
References
- http://marc.info/?l=bugtraq&m=112066594312876&w=2
- http://marc.info/?l=bugtraq&m=112076813804503&w=2
- http://secunia.com/advisories/15961
- http://securitytracker.com/id?1014422
- http://marc.info/?l=bugtraq&m=112066594312876&w=2
- http://marc.info/?l=bugtraq&m=112076813804503&w=2
- http://secunia.com/advisories/15961
- http://securitytracker.com/id?1014422
Products affected by CVE-2005-2187
-
cpe:2.3:h:mcafee:intrushield_security_management_system:-