exploitDog

CVE-2012-4588

Опубликовано: 22 авг. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.

Ссылки

https://kc.mcafee.com/corporate/index?page=content&id=SB10021
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10021
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:enterprise_mobility_manager:*:*:*:*:*:*:*:*

Версия до 4.7 (включая)

cpe:2.3:a:mcafee:enterprise_mobility_manager_agent:*:*:*:*:*:*:*:*

Версия до 10.0 (включая)

EPSS

Процентиль: 63%

0.00443

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-x7m6-jr2p-9px3

github

больше 3 лет назад

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.

EPSS

Процентиль: 63%

0.00443

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-255