Clickjacking Vulnerability in McAfee Agent
CVE-2015-2053

Currently unrated

Key Information:

Vendor: Mcafee
Status: Mcafee Agent
Vendor: CVE Published:; 23 February 2015

Summary

The log viewer in McAfee Agent versions prior to 4.8.0 Patch 3 and 5.0.0 is susceptible to clickjacking attacks if the 'Accept connections only from the ePO server' setting is disabled. This vulnerability enables remote attackers to exploit the web interface by tricking users into clicking on disguised elements, potentially leading to unauthorized actions. Organizations using affected versions should evaluate their configurations and apply necessary updates to mitigate this security risk.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1031821

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/74873

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 23, 2015
Vulnerability Reserved
Feb 23, 2015