Vulnerabilities > McAfee

DATE CVE VULNERABILITY TITLE RISK
2022-06-20 CVE-2022-1823 Improper Privilege Management vulnerability in McAfee Consumer Product Removal Tool
Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack.
local
low complexity
mcafee CWE-269
4.6
2022-06-20 CVE-2022-1824 Uncontrolled Search Path Element vulnerability in McAfee Consumer Product Removal Tool
An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name.
local
mcafee CWE-427
4.4
2022-04-20 CVE-2022-1254 Open Redirect vulnerability in McAfee Web Gateway
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker.
network
mcafee CWE-601
5.8
2022-04-14 CVE-2022-1256 Improper Privilege Management vulnerability in McAfee Agent
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality.
local
low complexity
mcafee CWE-269
7.2
2022-04-14 CVE-2022-1257 Insecure Storage of Sensitive Information vulnerability in McAfee Agent
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
local
low complexity
mcafee CWE-922
2.1
2022-04-14 CVE-2022-1258 SQL Injection vulnerability in McAfee Agent
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
network
mcafee CWE-89
6.0
2022-03-23 CVE-2022-0857 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
mcafee CWE-79
4.3
2022-03-23 CVE-2022-0858 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
mcafee CWE-79
4.3
2022-03-23 CVE-2022-0859 Insufficiently Protected Credentials vulnerability in McAfee ePolicy Orchestrator
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server.
local
mcafee CWE-522
4.4
2022-03-23 CVE-2022-0861 XXE vulnerability in McAfee ePolicy Orchestrator
An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality.
network
low complexity
mcafee CWE-611
5.5