Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-8024

Опубликовано: 02 дек. 2015
Источник: nvd
CVSS2: 9.3
EPSS Низкий

Описание

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:mcafee_enterprise_security_manager:9.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.0145
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-pw6r-gg5v-vx6h

github
больше 3 лет назад

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.

EPSS

Процентиль: 80%
0.0145
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-78