Directory Traversal Vulnerability in McAfee Asset Manager 6.6
CVE-2014-2588

Currently unrated

Key Information:

Vendor: Mcafee
Status: Asset Manager
Vendor: CVE Published:; 24 March 2014

Summary

A directory traversal vulnerability exists in the servlet/downloadReport component of McAfee Asset Manager 6.6. This flaw enables remote authenticated users to fetch arbitrary files from the server by manipulating the reportFileName parameter. Utilizing the '../' (dot dot) sequence, such users can bypass restrictions and gain access to sensitive files on the system, potentially exposing confidential information.

References

http://packetstormsecurity.com/files/125775/McAfee-Cloud-...

x_refsource_MISC

http://www.osvdb.org/104633

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/66302

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 24, 2014
Vulnerability Reserved
Mar 23, 2014