Vulnerabilities > Mcafee > Endpoint Security

DATE CVE VULNERABILITY TITLE RISK
2021-09-17 CVE-2021-31842 XML Entity Expansion vulnerability in Mcafee Endpoint Security
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
local
low complexity
mcafee CWE-776
5.5
2021-09-17 CVE-2021-31843 Link Following vulnerability in Mcafee Endpoint Security
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.
local
low complexity
mcafee CWE-59
7.8
2021-04-15 CVE-2020-7308 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Endpoint Security
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS.
network
low complexity
mcafee CWE-319
6.5
2021-02-10 CVE-2021-23881 Cross-site Scripting vulnerability in Mcafee Endpoint Security
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
network
low complexity
mcafee CWE-79
4.8
2021-02-10 CVE-2021-23883 NULL Pointer Dereference vulnerability in Mcafee Endpoint Security
A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly.
local
low complexity
mcafee CWE-476
4.4
2021-02-10 CVE-2021-23882 Unspecified vulnerability in Mcafee Endpoint Security
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed.
local
low complexity
mcafee
4.4
2021-02-10 CVE-2021-23880 Unspecified vulnerability in Mcafee Endpoint Security
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
local
low complexity
mcafee
4.4
2021-02-10 CVE-2021-23878 Cleartext Storage of Sensitive Information vulnerability in Mcafee Endpoint Security
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions.
local
low complexity
mcafee CWE-312
5.0
2020-11-12 CVE-2020-7333 Cross-site Scripting vulnerability in Mcafee Endpoint Security
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
network
low complexity
mcafee CWE-79
4.8
2020-11-12 CVE-2020-7332 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Endpoint Security
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
network
low complexity
mcafee CWE-352
8.8