Vulnerabilities > Mcafee > WEB Gateway > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-1254 Open Redirect vulnerability in Mcafee web Gateway
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker.
network
low complexity
mcafee CWE-601
6.1
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2020-09-16 CVE-2020-7297 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7296 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
low complexity
mcafee CWE-287
5.7
2020-09-15 CVE-2020-7295 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
low complexity
mcafee CWE-287
4.6
2020-09-15 CVE-2020-7294 Improper Authentication vulnerability in Mcafee web Gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
low complexity
mcafee CWE-287
4.6
2020-07-15 CVE-2020-7292 Inappropriate Encoding for Output Context vulnerability in Mcafee web Gateway
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
network
low complexity
mcafee CWE-838
4.3
2019-08-14 CVE-2019-3635 Unspecified vulnerability in Mcafee web Gateway
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
network
low complexity
mcafee
6.5
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.5
2019-03-21 CVE-2019-6454 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in sd-bus in systemd 239.
5.5