CVE-2019-3651

Published: Nov 13, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.

Affected (1)

Products: Mcafee: Advanced Threat Defense

Mcafee

1 product

Advanced Threat Defense

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Advanced Threat Defense	Before 4.8

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.