CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2586

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.11

EPSS Ranking 93.1%

CVSS Severity

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html
http://seclists.org/fulldisclosure/2014/Mar/325
http://www.exploit-db.com/exploits/32368
http://www.securityfocus.com/bid/66302
https://twitter.com/BrandonPrry/status/445969380656943104
http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html
http://seclists.org/fulldisclosure/2014/Mar/325
http://www.exploit-db.com/exploits/32368
http://www.securityfocus.com/bid/66302
https://twitter.com/BrandonPrry/status/445969380656943104

Products affected by CVE-2014-2586

Mcafee » Cloud Single Sign On » Version: N/A

cpe:2.3:a:mcafee:cloud_single_sign_on:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2586

Products

Pricing

Contact Us