Vulnerabilities > McAfee

DATE CVE VULNERABILITY TITLE RISK
2019-06-27 CVE-2019-3631 OS Command Injection vulnerability in McAfee Enterprise Security Manager
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows an authenticated user to execute arbitrary code via specially crafted parameters.
network
low complexity
mcafee CWE-78
7.2
2019-06-27 CVE-2019-3630 OS Command Injection vulnerability in McAfee Enterprise Security Manager
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows an authenticated user to execute arbitrary code via specially crafted parameters.
network
low complexity
mcafee CWE-78
7.2
2019-06-27 CVE-2019-3629 Unspecified vulnerability in McAfee Enterprise Security Manager
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows an unauthenticated user to impersonate system users via specially crafted parameters.
network
low complexity
mcafee
6.5
2019-06-27 CVE-2019-3628 Unspecified vulnerability in McAfee Enterprise Security Manager
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows an authenticated user to gain access to a core system component via incorrect access control.
network
low complexity
mcafee
8.8
2019-05-15 CVE-2019-3602 Cross-site Scripting vulnerability in McAfee Network Security Manager
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
network
low complexity
mcafee CWE-79
4.8
2019-05-15 CVE-2019-3586 Unspecified vulnerability in McAfee Endpoint Security
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.
network
high complexity
mcafee
7.5
2019-04-23 CVE-2019-2602 Resource Exhaustion vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
7.5
2019-04-10 CVE-2019-3612 Cleartext Storage of Sensitive Information vulnerability in McAfee Data Exchange Layer and Threat Intelligence Exchange
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows authenticated users to view sensitive information in plain text via the GUI or command line.
local
low complexity
mcafee CWE-312
4.4
2019-03-26 CVE-2019-3606 Cleartext Storage of Sensitive Information vulnerability in McAfee Network Security Manager
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
local
high complexity
mcafee CWE-312
4.1
2019-03-26 CVE-2019-3597 Unspecified vulnerability in McAfee Network Security Manager
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
network
low complexity
mcafee
critical
9.8