Lucene search

TrellixCVELIST:CVE-2020-7268

HistorySep 16, 2020 - 1:20 a.m.

CVE-2020-7268 McAfee Email Gateway (MEG) - Path Traversal vulnerability

2020-09-1601:20:13

CWE-22

trellix

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.8%

JSON

Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.

CNA Affected

[
  {
    "product": "McAfee Email Gateway (MEG)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "7.6.406",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10323

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.8%

JSON

Related for CVELIST:CVE-2020-7268