CVE-2014-1473

high

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10061

https://exchange.xforce.ibmcloud.com/vulnerabilities/90245

http://www.securitytracker.com/id/1029591

http://www.securityfocus.com/bid/64795

http://secunia.com/advisories/56394

http://osvdb.org/101939

Details

Source: Mitre, NVD

Published: 2014-01-16

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High