Vulnerabilities > Mcafee > Endpoint Security > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-17 | CVE-2021-31843 | Link Following vulnerability in Mcafee Endpoint Security Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | 7.8 |
| 2020-11-12 | CVE-2020-7332 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Endpoint Security Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | 8.8 |
| 2020-11-12 | CVE-2020-7331 | Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | 7.8 |
| 2020-09-09 | CVE-2020-7320 | Unspecified vulnerability in Mcafee Endpoint Security Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | 7.3 |
| 2020-09-09 | CVE-2020-7319 | Link Following vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 8.8 |
| 2020-05-08 | CVE-2020-7265 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. | 8.4 |
| 2020-05-08 | CVE-2020-7264 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. | 8.4 |
| 2020-04-15 | CVE-2020-7250 | Link Following vulnerability in Mcafee Endpoint Security Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | 7.8 |
| 2020-04-15 | CVE-2020-7274 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | 7.8 |
| 2020-04-15 | CVE-2020-7259 | Improper Privilege Management vulnerability in Mcafee Endpoint Security Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | 7.8 |