Cross-Site Request Forgery Vulnerabilities in McAfee Vulnerability Manager
CVE-2014-1473

Currently unrated

Key Information:

Vendor: Mcafee
Status: Vulnerability Manager
Vendor: CVE Published:; 16 January 2014

What is CVE-2014-1473?

Multiple cross-site request forgery (CSRF) vulnerabilities exist in the Enterprise Manager of McAfee Vulnerability Manager versions 7.5.5 and earlier. These vulnerabilities can be exploited by remote attackers to hijack the authentication of legitimate users, allowing unauthorized modifications to HTML contents through affected vectors related to the system's response web page. This could lead to unauthorized access or actions performed on behalf of authenticated users.

References

http://secunia.com/advisories/56394

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/64795

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1029591

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2014
Vulnerability Reserved
Jan 15, 2014

Mcafee

What is CVE-2014-1473?

References

Timeline