Vulnerabilities in McAfee Endpoint Security 10.7.0
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-09-17 | CVE-2021-31842 | XML Entity Expansion vulnerability in McAfee Endpoint Security | XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | 5.5 |
2021-09-17 | CVE-2021-31843 | Link Following vulnerability in McAfee Endpoint Security | Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | 7.8 |
2021-04-15 | CVE-2020-7308 | Cleartext Transmission of Sensitive Information vulnerability in McAfee Endpoint Security | Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. | 6.5 |
2020-05-08 | CVE-2020-7264 | Improper Privilege Management vulnerability in McAfee Endpoint Security | Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. | 8.4 |
2020-04-01 | CVE-2020-7263 | Incorrect Permission Assignment for Critical Resource vulnerability in McAfee Endpoint Security | Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | 6.7 |