McAfee Vulnerability Manager Enterprise Manager Multiple Vulnerabilities (SB10061)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a web application installed that is affected by
multiple vulnerabilities.

Description :

The version of McAfee Vulnerability Manager installed is 7.0.x prior to
7.0.11.05002, 7.5.x earlier than 7.5.4, 7.5.4 prior to 7.5.4.05007, or
7.5.5 prior to 7.5.5.05002. It is, therefore, potentially affected by
multiple cross-site scripting and cross-site request forgery
vulnerabilities in the Enterprise Manager component.

See also :

http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-1472.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-1473.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10061

Solution :

Upgrade to McAfee Vulnerability Manager 7.0.11.05002, 7.5.4.05007,
7.5.5.05002, 7.5.6 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 72588 ()

Bugtraq ID: 64795

CVE ID: CVE-2014-1472
CVE-2014-1473

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now