Vulnerabilities > Mcafee > Enterprise Security Manager

DATE CVE VULNERABILITY TITLE RISK
2019-09-11 CVE-2019-3644 Unspecified vulnerability in Mcafee products
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service.
network
low complexity
mcafee
7.5
2019-09-11 CVE-2019-3643 Unspecified vulnerability in Mcafee products
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service.
network
low complexity
mcafee
7.5
2019-06-27 CVE-2019-3632 Path Traversal vulnerability in Mcafee Enterprise Security Manager
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.
network
low complexity
mcafee CWE-22
8.8
2019-06-27 CVE-2019-3631 OS Command Injection vulnerability in Mcafee Enterprise Security Manager
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
network
low complexity
mcafee CWE-78
7.2
2019-06-27 CVE-2019-3630 OS Command Injection vulnerability in Mcafee Enterprise Security Manager
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
network
low complexity
mcafee CWE-78
7.2
2019-06-27 CVE-2019-3629 Unspecified vulnerability in Mcafee Enterprise Security Manager
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
network
low complexity
mcafee
6.5
2019-06-27 CVE-2019-3628 Unspecified vulnerability in Mcafee Enterprise Security Manager
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.
network
low complexity
mcafee
8.8
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
5.0
2015-09-22 CVE-2015-7310 OS Command Injection vulnerability in Mcafee products
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.
network
low complexity
mcafee CWE-78
6.5