CVE-2013-7462

high

Published 2017-03-14 · Modified 2026-05-13

CVSS v3

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2

5.0

VIR risk

7.5

Description

A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.

Predictions

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secure@intel.com — https://kc.mcafee.com/corporate/index?page=content&id=SB10056

Application impact

Vendor	Product	Versions	Fixed
mcafee	saas_control_console_platform	`{"endIncluding":"6.15"}`

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10056
https://kc.mcafee.com/corporate/index?page=content&id=SB10056

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.