CVE-2016-8025
medium
CVSS v3
6.2
CVSS v2
6.0
VIR risk
6.2
Description
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
Predictions
Exploit likelihood
72%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@intel.com — https://kc.mcafee.com/corporate/index?page=content&id=SB10181
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mcafee | virusscan_enterprise | 2.0.3 and earlier | |
References
- http://www.securityfocus.com/bid/94823
- http://www.securitytracker.com/id/1037433
- https://kc.mcafee.com/corporate/index?page=content&id=SB10181
- https://www.exploit-db.com/exploits/40911/
CWEs
CWE-89