McAfee Security Information and Event Management 9.3.x < / 9.4.x < / 9.5.x < Authentication Bypass (SB10137)

High Nessus Plugin ID 90424


The remote device is affected by an authentication bypass vulnerability.


According to its self-reported version, the McAfee Security Information and Event Management (SIEM) application installed on the remote host is 9.3.x prior to, 9.4.x prior to, or 9.5.x prior to It is therefore, affected by an authentication bypass vulnerability in the Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) components due to improper sanitization of usernames. This vulnerability occurs when these components are configured to use Active Directory or LDAP as authentication sources. A remote attacker can exploit this issue, via a specially crafted username, to log on to the system using any password.


Upgrade to the relevant fixed version according to the McAfee advisory.

See Also

Plugin Details

Severity: High

ID: 90424

File Name: mcafee_esm_siem_sb10137.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Misc.

Published: 2016/04/08

Modified: 2016/11/28

Dependencies: 86311

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:mcafee_enterprise_security_manager

Required KB Items: Host/McAfee ESM/Display Version, Host/McAfee ESM/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/10/21

Vulnerability Publication Date: 2015/10/21

Reference Information

CVE: CVE-2015-8024

BID: 85542

OSVDB: 129549

IAVA: 2016-A-0084