Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2019-3654 | Improper Authentication vulnerability in Mcafee Client Proxy Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator. | 8.6 |
| 2019-11-14 | CVE-2019-3663 | Insufficiently Protected Credentials vulnerability in Mcafee Advanced Threat Defense Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. | 7.8 |
| 2019-11-14 | CVE-2019-3662 | Path Traversal vulnerability in Mcafee Advanced Threat Defense Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | 6.5 |
| 2019-11-14 | CVE-2019-3661 | SQL Injection vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | 8.8 |
| 2019-11-14 | CVE-2019-3640 | Cleartext Transmission of Sensitive Information vulnerability in Mcafee Data Loss Prevention Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. | 6.5 |
| 2019-11-13 | CVE-2019-3660 | Unspecified vulnerability in Mcafee Advanced Threat Defense Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | 8.8 |
| 2019-11-13 | CVE-2019-3651 | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | 8.8 |
| 2019-11-13 | CVE-2019-3650 | Unspecified vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. | 6.5 |
| 2019-11-13 | CVE-2019-3649 | Information Exposure Through Log Files vulnerability in Mcafee Advanced Threat Defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | 6.5 |
| 2019-11-13 | CVE-2019-3641 | Unspecified vulnerability in Mcafee Threat Intelligence Exchange Server 3.0.0 Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | 4.5 |