CVE-2015-2053
McAfee Agent < 4.8.0 Patch 3 and 5.0.0 - Clickjacking via Log Viewer
Title source: llmDescription
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10094
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031821
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74873
Scores
EPSS
0.0024
EPSS Percentile
47.8%
Details
CWE
CWE-20
Status
published
Products (2)
mcafee/mcafee_agent
5.0.0
mcafee/mcafee_agent
< 4.8.0
Published
Feb 23, 2015
Tracked Since
Feb 18, 2026