CVE-2015-7612

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Bounce Attack

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 01/10/15 - Updated on 02/10/15

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.

Category: Bounce Attack

CWE-352 (Cross-Site Request Forgery (CSRF))
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Security Notices

US National Vulnerability DatabaseCVE-2015-7612

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
mcafeevulnerability_manager

Share this vulnerability with:

Twitter Facebook LinkedIn Mail