McAfee IntruShield Security Management System allows remote authenticated users to access the Generate Reports feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Intrushield_security_management_system | Mcafee | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=112066594312876\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=112076813804503\u0026w=2
- http://secunia.com/advisories/15961
- http://securitytracker.com/id?1014422
- http://marc.info/?l=bugtraq\u0026m=112066594312876\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=112076813804503\u0026w=2
- http://secunia.com/advisories/15961
- http://securitytracker.com/id?1014422