Lucene search

TrellixCVELIST:CVE-2019-3665

HistoryDec 03, 2019 - 10:55 a.m.

CVE-2019-3665 Code Injection vulnerability

2019-12-0310:55:26

trellix

www.cve.org

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.

CNA Affected

[
  {
    "product": "McAfee Web Advisor (WA)",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "prior to 4.1.1.48",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

service.mcafee.com/FAQDocument.aspx?&id=TS102991

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

Related for CVELIST:CVE-2019-3665