CVE-2014-2588

N/A Unknown

Published: March 24, 2014 Modified: May 06, 2026

Description

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Mar/325

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/32368

Source: cve@mitre.org

Exploit

http://www.osvdb.org/104633

Source: cve@mitre.org

http://www.securityfocus.com/bid/66302

Source: cve@mitre.org

http://www.securitytracker.com/id/1029927

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/91930

Source: cve@mitre.org

http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html