Description
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10056
Scores
CVSS v3
7.5
EPSS
0.0232
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
Intel/SaaS Control Console (SCC) Platform
6.14 before patch 1070, and 6.15 before patch 1076
mcafee/saas_control_console_platform
< 6.15
Published
Mar 14, 2017
Tracked Since
Feb 18, 2026