Lucene search

TrellixCVELIST:CVE-2019-3629

HistoryJun 27, 2019 - 8:33 p.m.

CVE-2019-3629 Application protections bypass vulnerability could allow unauthenticated user to impersonate system users

2019-06-2720:33:59

trellix

www.cve.org

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.6%

JSON

Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.

CNA Affected

[
  {
    "product": "McAfee Enterprise Security Manager (ESM)",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "11.2.0",
        "status": "affected",
        "version": "11.x",
        "versionType": "custom"
      },
      {
        "lessThan": "10.4.0",
        "status": "affected",
        "version": "10.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10284

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for CVELIST:CVE-2019-3629