CVE-2013-7462 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2013-7462?

CVE-2013-7462 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-7462?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Saas Control Console Platform.

Vulnerability Description

A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mcafee	Saas Control Console Platform	<= 6.15

Related Weaknesses (CWE)

CWE-22

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10056Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10056Vendor Advisory

FAQ

What is CVE-2013-7462?

CVE-2013-7462 is a vulnerability with a CVSS score of 7.5 (HIGH). A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated ...

How severe is CVE-2013-7462?

CVE-2013-7462 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-7462?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Saas Control Console Platform.