CVE-2014-2536

{"id": "CVE-2014-2536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-18T17:04:18.467", "references": [{"url": "http://secunia.com/advisories/57368", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57381", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/66181", "source": "cve@mitre.org"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57368", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/57381", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/66181", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en McAfee Cloud Identity Manager 3.0, 3.1 y 3.5.1, McAfee Cloud Single Sign On (MCSSO) anterior a 4.0.1 e Intel Expressway Cloud Access 360-SSO 2.1 y 2.5 permite a usuarios remotos autenticados leer un archivo no especificado que contiene un hash de la contrase\u00f1a de administrador a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T02:06:29.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:expressway_cloud_access_360:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE25F0BE-B298-4FA3-B0D7-755B344AA19A"}, {"criteria": "cpe:2.3:a:intel:expressway_cloud_access_360:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12DF79E2-6C13-4CD2-86DE-5C0E023D7142"}, {"criteria": "cpe:2.3:a:mcafee:cloud_identity_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4008DFB6-A72B-4437-A819-A575C7AA59A1"}, {"criteria": "cpe:2.3:a:mcafee:cloud_identity_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFCF5CA8-A738-4177-855F-43336670B9DD"}, {"criteria": "cpe:2.3:a:mcafee:cloud_identity_manager:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5974023-0273-4794-AFB7-E3A5AA6726FD"}, {"criteria": "cpe:2.3:a:mcafee:cloud_single_sign_on:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7F80C8C-0E7E-46C3-985D-EDCF1DF02CF0"}], "operator": "OR"}]}], "evaluatorImpact": "Per: https://kc.mcafee.com/corporate/index?page=content&id=SB10066\n\n\"Affected Versions:\n\n Intel Expressway Cloud Access 360-SSO 2.1, 2.5\n McAfee Cloud Identity Manager 3.0, 3.1, 3.5.1\n McAfee Cloud Single Sign On 4.0.0\"", "sourceIdentifier": "cve@mitre.org"}