- Description
- Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3F1D142-EABA-4554-AFD6-6962BDA86D15",
"versionEndIncluding": "7.5.5"
},
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4227EA74-8DAA-43B4-8F00-8DC147C19687"
},
{
"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:7.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3D5C396-D66E-4976-AB79-71D828EB541C"
}
],
"operator": "OR"
}
]
}
]