- Description
- Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6C31861-243D-4236-8DDF-67329AC63391",
"versionEndIncluding": "9.6"
},
{
"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EFFC4A8-98F5-4289-A409-9CE63F6BFB75"
}
],
"operator": "OR"
}
]
}
]