CVE-2014-2536 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Expressway Cloud Access 360
Mcafee	Cloud Identity Manager Cloud Single Sign On

Configuration 1 [-]

OR	cpe:2.3:a:intel:expressway_cloud_access_360:2.1:::::::*
	cpe:2.3:a:intel:expressway_cloud_access_360:2.5:::::::*
	cpe:2.3:a:mcafee:cloud_identity_manager:3.0:::::::*
	cpe:2.3:a:mcafee:cloud_identity_manager:3.1:::::::*
	cpe:2.3:a:mcafee:cloud_identity_manager:3.5.1:::::::*
	cpe:2.3:a:mcafee:cloud_single_sign_on:4.0.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/57368
http://secunia.com/advisories/57381
http://www.securityfocus.com/bid/66181
https://kc.mcafee.com/corporate/index?page=content&id=SB10066

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-18T14:00:00

Updated: 2024-08-06T10:14:26.579Z

Reserved: 2014-03-18T00:00:00

Link: CVE-2014-2536

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-03-18T17:04:18.467

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-2536

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-27T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "66181", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66181"}, {"name": "57381", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57381"}, {"name": "57368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57368"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2536", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "66181", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66181"}, {"name": "57381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57381"}, {"name": "57368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57368"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:26.579Z"}, "title": "CVE Program Container", "references": [{"name": "66181", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66181"}, {"name": "57381", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57381"}, {"name": "57368", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57368"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2536", "datePublished": "2014-03-18T14:00:00", "dateReserved": "2014-03-18T00:00:00", "dateUpdated": "2024-08-06T10:14:26.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:expressway_cloud_access_360:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE25F0BE-B298-4FA3-B0D7-755B344AA19A", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:expressway_cloud_access_360:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "12DF79E2-6C13-4CD2-86DE-5C0E023D7142", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:cloud_identity_manager:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4008DFB6-A72B-4437-A819-A575C7AA59A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:cloud_identity_manager:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFCF5CA8-A738-4177-855F-43336670B9DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:cloud_identity_manager:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5974023-0273-4794-AFB7-E3A5AA6726FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:cloud_single_sign_on:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7F80C8C-0E7E-46C3-985D-EDCF1DF02CF0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en McAfee Cloud Identity Manager 3.0, 3.1 y 3.5.1, McAfee Cloud Single Sign On (MCSSO) anterior a 4.0.1 e Intel Expressway Cloud Access 360-SSO 2.1 y 2.5 permite a usuarios remotos autenticados leer un archivo no especificado que contiene un hash de la contrase\u00f1a de administrador a trav\u00e9s de vectores desconocidos."}], "evaluatorImpact": "Per: https://kc.mcafee.com/corporate/index?page=content&id=SB10066\n\n\"Affected Versions:\n\n Intel Expressway Cloud Access 360-SSO 2.1, 2.5\n McAfee Cloud Identity Manager 3.0, 3.1, 3.5.1\n McAfee Cloud Single Sign On 4.0.0\"", "id": "CVE-2014-2536", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-18T17:04:18.467", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57368"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57381"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66181"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57381"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10066"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}