Vulnerability Details : CVE-2014-6064
The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors.
Vulnerability category: Information leak
Threat overview for CVE-2014-6064
Top countries where our scanners detected CVE-2014-6064
Top open port discovered on systems with this issue
22
IPs affected by CVE-2014-6064 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-6064!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-6064
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-6064
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-6064
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6064
-
http://www.securitytracker.com/id/1030675
McAfee Web Gateway Accounts Tab Discloses Hashed Passwords to Remote Authenticated Users - SecurityTrackerThird Party Advisory;VDB Entry
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10080
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95690
McAfee Web Gateway Accounts tab information disclosure CVE-2014-6064 Vulnerability ReportVDB Entry
Products affected by CVE-2014-6064
- cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*