Vulnerability CVE-2005-2187
Published: 2005-07-11   Modified: 2012-02-12

Description:
McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mcafee -> Intrushield security management system 

 References:
http://marc.theaimsgroup.com/?l=bugtraq&m=112076813804503&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112066594312876&w=2
http://securitytracker.com/id?1014422
http://secunia.com/advisories/15961
Copyright 2024, cxsecurity.com

 

Back to Top