Cross-Site Request Forgery Vulnerability in McAfee Vulnerability Manager
CVE-2016-2199

8.8HIGH

Key Information:

Vendor: Mcafee
Status: Vulnerability Manager
Vendor: CVE Published:; 1 February 2016

What is CVE-2016-2199?

Multiple cross-site request forgery (CSRF) vulnerabilities exist in the Organizations and Remediation management page of McAfee's Vulnerability Manager (MVM) prior to version 7.5.10. These vulnerabilities allow remote attackers to potentially hijack an administrator's authentication, enabling them to execute unwanted actions on behalf of the user without their consent. This can lead to unauthorized access and manipulation of sensitive system management functions.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 1, 2016

Mcafee

What is CVE-2016-2199?

References

CVSS V3.1

Timeline