Cross-Site Scripting Vulnerabilities in McAfee Enterprise Mobility Manager
CVE-2012-4590

Currently unrated

Key Information:

Vendor: Mcafee
Status: Enterprise Mobility Manager
Vendor: CVE Published:; 22 August 2012

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the About.aspx page within the Portal of McAfee's Enterprise Mobility Manager (EMM) prior to version 10.0. These vulnerabilities could enable remote attackers to inject arbitrary web scripts or HTML, allowing them to potentially execute malicious code in the context of an unsuspecting user's session. Insecure handling of the User Agent and Connection variables are the primary vectors for these exploitations, posing significant risks to users associated with affected versions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78222

vdb-entryx_refsource_XF

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2012
Vulnerability Reserved
Aug 22, 2012