Vulnerabilities > Mcafee > WEB Gateway > 7.8.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-1254 | Open Redirect vulnerability in Mcafee web Gateway A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. | 6.1 |
| 2021-02-17 | CVE-2021-23885 | Unspecified vulnerability in Mcafee web Gateway Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. | 8.8 |
| 2020-09-16 | CVE-2020-7297 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | 5.7 |
| 2020-09-15 | CVE-2020-7296 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | 5.7 |
| 2020-09-15 | CVE-2020-7295 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | 4.6 |
| 2020-09-15 | CVE-2020-7294 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | 4.6 |
| 2020-09-15 | CVE-2020-7293 | Improper Authentication vulnerability in Mcafee web Gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. | 9.0 |
| 2020-07-15 | CVE-2020-7292 | Inappropriate Encoding for Output Context vulnerability in Mcafee web Gateway Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. | 4.3 |
| 2019-03-21 | CVE-2019-6454 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in sd-bus in systemd 239. local low complexity systemd-project opensuse netapp debian fedoraproject canonical redhat mcafee CWE-787 | 5.5 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |