CVE-2016-8006

{"id": "CVE-2016-8006", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2017-01-05T22:59:00.250", "references": [{"url": "http://www.quantumleap.it/mcafee-siem-esm-esmrec-authentication-bypass-vulnerability/", "source": "secure@intel.com"}, {"url": "http://www.securityfocus.com/bid/95313", "source": "secure@intel.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=KB87744", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://www.narthar.it/DOC/McAfee_SIEM_9.6_Authentication_bypass_vulnerability.html", "source": "secure@intel.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autenticaci\u00f3n en Enterprise Security Manager (ESM) y License Manager (LM) en Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 permite a un administrador hacer cambios en la informaci\u00f3n de otros usuarios SIEM incluyendo contrase\u00f1as de usuario sin aportar al administrador actual una contrase\u00f1a por segunda vez a trav\u00e9s de comandos de terminal GUI o GUI."}], "lastModified": "2017-01-18T02:59:12.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:security_information_and_event_management:*:mr3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9BCB33D-5381-44D0-B0B9-F46D6CAB8CB2", "versionEndIncluding": "9.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}