Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-1254 Open Redirect vulnerability in Mcafee web Gateway
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker.
network
mcafee CWE-601
5.8
2022-04-14 CVE-2022-1256 Improper Privilege Management vulnerability in Mcafee Agent
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality.
local
low complexity
mcafee CWE-269
7.2
2022-04-14 CVE-2022-1257 Insecure Storage of Sensitive Information vulnerability in Mcafee Agent
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
local
low complexity
mcafee CWE-922
2.1
2022-04-14 CVE-2022-1258 SQL Injection vulnerability in Mcafee Agent
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
network
mcafee CWE-89
6.0
2022-03-23 CVE-2022-0857 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
mcafee CWE-79
4.3
2022-03-23 CVE-2022-0858 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
mcafee CWE-79
4.3
2022-03-23 CVE-2022-0859 Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server.
local
mcafee CWE-522
4.4
2022-03-23 CVE-2022-0861 XXE vulnerability in Mcafee Epolicy Orchestrator
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality.
network
low complexity
mcafee CWE-611
5.5
2022-03-23 CVE-2022-0862 Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password.
network
mcafee CWE-522
4.3
2022-03-23 CVE-2022-0842 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database.
network
low complexity
mcafee CWE-89
4.0