CVE-2019-3649

Published: Nov 13, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.

Affected (1)

Products: Mcafee: Advanced Threat Defense

1 product

Advanced Threat Defense

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Advanced Threat Defense	Before 4.8

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.