CVE-2015-8989

HIGH

McAfee Vulnerability Manager <= 7.5.8 - Unsalted Password Storage in Enterprise Manager

Title source: llm

Description

Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10117

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 53.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-310

Status published

Products (2)

Intel/McAfee Vulnerability Manager (MVM) 7.5.8 and earlier

mcafee/vulnerability_manager < 7.5.8

Published Mar 14, 2017

Tracked Since Feb 18, 2026