CVE-2015-8989

{"id": "CVE-2015-8989", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-03-14T22:59:00.447", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10117", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10117", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database."}, {"lang": "es", "value": "Vulnerabilidad de contrase\u00f1a sin sal en el componente Enterprise Manager (portal web) en Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 y versiones anteriores permite a los atacantes descifrar m\u00e1s f\u00e1cilmente las contrase\u00f1as de usuario a trav\u00e9s de ataques de fuerza bruta contra la base de datos."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:vulnerability_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62A41E3B-F8BD-4D0F-8CA2-35FCA727C92C", "versionEndIncluding": "7.5.8"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}