CVE-2013-7462
CVE-2013-7462
In short
An attacker could access any file on the McAfee SaaS Control Console server without logging in, by using a special technique to bypass file access restrictions. This exposed sensitive system information that should have been protected.
Technical detail
A directory traversal vulnerability in McAfee SCC Platform 6.14 (pre-patch 1070) and 6.15 (pre-patch 1076) allows unauthenticated remote attackers to read arbitrary files through null-byte injection. The vulnerability requires no authentication and affects files lacking filesystem-level access controls, potentially exposing configuration, credentials, or system data.
Summary generated and translated by AI from the official description.
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.
Affected products
Intel · SaaS Control Console (SCC) PlatformWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →