Vulnerabilities > Mcafee > Application AND Change Control

DATE CVE VULNERABILITY TITLE RISK
2023-01-13 CVE-2023-0221 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
local
low complexity
mcafee CWE-269
4.4
2022-01-04 CVE-2021-31833 Unspecified vulnerability in Mcafee Application and Change Control
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC.
local
low complexity
mcafee
7.8
2020-10-15 CVE-2020-7334 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer.
local
low complexity
mcafee CWE-269
8.2
2020-08-26 CVE-2020-7309 Cross-site Scripting vulnerability in Mcafee Application and Change Control
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.
network
low complexity
mcafee CWE-79
4.8
2020-03-26 CVE-2020-7260 Untrusted Search Path vulnerability in Mcafee Application and Change Control
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.
local
low complexity
mcafee CWE-426
7.8
2018-09-18 CVE-2017-3912 Improper Authentication vulnerability in Mcafee Application and Change Control 6.2.0/7.0.1
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
local
low complexity
mcafee CWE-287
7.8