CVE-2015-7310
McAfee Enterprise Security Manager < 9.3.2MR18, 9.4.x < 9.4.2MR8, 9.5.x < 9.5.0MR7 - OS Command Injection
Title source: llmDescription
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10133
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033654
Scores
EPSS
0.0049
EPSS Percentile
65.6%
Details
CWE
CWE-78
Status
published
Products (9)
mcafee/enterprise_security_manager
< 9.3.2
mcafee/enterprise_security_manager
< 9.4.2
mcafee/enterprise_security_manager
< 9.5.0
mcafee/enterprise_security_manager\/log_manager
< 9.3.2
mcafee/enterprise_security_manager\/log_manager
< 9.4.2
mcafee/enterprise_security_manager\/log_manager
< 9.5.0
mcafee/enterprise_security_manager\/receiver
< 9.3.2
mcafee/enterprise_security_manager\/receiver
< 9.4.2
mcafee/enterprise_security_manager\/receiver
< 9.5.0
Published
Sep 22, 2015
Tracked Since
Feb 18, 2026