CVE-2012-4589

Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/78223
https://kc.mcafee.com/corporate/index?page=content&id=SB10022	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/78223
https://kc.mcafee.com/corporate/index?page=content&id=SB10022	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:enterprise_mobility_manager::::::::
	cpe:2.3:a:mcafee:enterprise_mobility_manager:4.7:::::::*

History

21 Nov 2024, 01:43

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/78223 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/78223 -
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - Vendor Advisory

Information

Published : 2012-08-22 10:42

Updated : 2024-11-21 01:43

NVD link : CVE-2012-4589

Mitre link : CVE-2012-4589

CVE.ORG link : CVE-2012-4589

JSON object : View

Products Affected

mcafee

enterprise_mobility_manager

CWE

NVD-CWE-Other

{"id": "CVE-2012-4589", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-22T10:42:05.163", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78223", "source": "cve@mitre.org"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78223", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."}, {"lang": "es", "value": "Login.aspx en Portal en McAfee Enterprise Mobility Manager (EMM) anteriores a v10.0 no tiene un atributo de autocompletar los campos de formulario no especificados, lo que hace que facilita a los atacantes remotos obtener acceso mediante el aprovechamiento de una estaci\u00f3n de trabajo no atendida.\r\n"}], "lastModified": "2024-11-21T01:43:12.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C31861-243D-4236-8DDF-67329AC63391", "versionEndIncluding": "9.6"}, {"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EFFC4A8-98F5-4289-A409-9CE63F6BFB75"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}