CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2588

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.191

EPSS Ranking 95.0%

CVSS Severity

CVSS v2 Score 4.0

References

http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html
http://seclists.org/fulldisclosure/2014/Mar/325
http://www.exploit-db.com/exploits/32368
http://www.osvdb.org/104633
http://www.securityfocus.com/bid/66302
http://www.securitytracker.com/id/1029927
https://exchange.xforce.ibmcloud.com/vulnerabilities/91930
http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html
http://seclists.org/fulldisclosure/2014/Mar/325
http://www.exploit-db.com/exploits/32368
http://www.osvdb.org/104633
http://www.securityfocus.com/bid/66302
http://www.securitytracker.com/id/1029927
https://exchange.xforce.ibmcloud.com/vulnerabilities/91930

Products affected by CVE-2014-2588

Mcafee » Asset Manager » Version: 6.6

cpe:2.3:a:mcafee:asset_manager:6.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2588

Products

Pricing

Contact Us