Directory Traversal Vulnerability in McAfee Asset Manager 6.6
CVE-2014-2588

Currently unrated

Key Information:

Vendor

Mcafee
Status
Asset Manager
Vendor
CVE Published:
24 March 2014

What is CVE-2014-2588?

A directory traversal vulnerability exists in the servlet/downloadReport component of McAfee Asset Manager 6.6. This flaw enables remote authenticated users to fetch arbitrary files from the server by manipulating the reportFileName parameter. Utilizing the '../' (dot dot) sequence, such users can bypass restrictions and gain access to sensitive files on the system, potentially exposing confidential information.

References

http://packetstormsecurity.com/files/125775/McAfee-Cloud-...
x_refsource_MISC
http://www.osvdb.org/104633
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/66302
vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.