Clickjacking Vulnerability in McAfee Agent
CVE-2015-2053

Currently unrated

Key Information:

Vendor: Mcafee
Status: Mcafee Agent
Vendor: CVE Published:; 23 February 2015

What is CVE-2015-2053?

The log viewer in McAfee Agent versions prior to 4.8.0 Patch 3 and 5.0.0 is susceptible to clickjacking attacks if the 'Accept connections only from the ePO server' setting is disabled. This vulnerability enables remote attackers to exploit the web interface by tricking users into clicking on disguised elements, potentially leading to unauthorized actions. Organizations using affected versions should evaluate their configurations and apply necessary updates to mitigate this security risk.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1031821

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/74873

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2015
Vulnerability Reserved
Feb 23, 2015

Mcafee

What is CVE-2015-2053?

References

Timeline