CVE-2016-8006

Published: Jan 5, 2017Modified: May 6, 2026

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands.

Affected (1)

Products: Mcafee: Security Information And Event Management

1 product

Security Information And Event Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Security Information And Event Management	Up to 9.6.0

Related CWEs

References (8)

http://www.quantumleap.it/mcafee-siem-esm-esmrec-authentication-bypass-vulnerability/

Source: secure@intel.com

http://www.securityfocus.com/bid/95313

Source: secure@intel.com

https://kc.mcafee.com/corporate/index?page=content&id=KB87744

Source: secure@intel.com

Vendor Advisory

https://www.narthar.it/DOC/McAfee_SIEM_9.6_Authentication_bypass_vulnerability.html

Source: secure@intel.com

http://www.quantumleap.it/mcafee-siem-esm-esmrec-authentication-bypass-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/95313

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=KB87744

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.narthar.it/DOC/McAfee_SIEM_9.6_Authentication_bypass_vulnerability.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.