Vulnerabilities > Mcafee > WEB Gateway > 8.2.6

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-1254 Open Redirect vulnerability in Mcafee web Gateway
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker.
network
low complexity
mcafee CWE-601
6.1
2021-02-17 CVE-2021-23885 Unspecified vulnerability in Mcafee web Gateway
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
network
low complexity
mcafee
8.8
2020-09-16 CVE-2020-7297 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7296 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7295 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
low complexity
mcafee CWE-287
4.6
2020-09-15 CVE-2020-7294 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
low complexity
mcafee CWE-287
4.6
2020-09-15 CVE-2020-7293 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.
low complexity
mcafee CWE-287
critical
9.0
2020-07-15 CVE-2020-7292 Inappropriate Encoding for Output Context vulnerability in Mcafee web Gateway
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
network
low complexity
mcafee CWE-838
4.3
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9