Lucene search

TrellixCVELIST:CVE-2020-7269

HistoryApr 15, 2021 - 8:00 a.m.

CVE-2020-7269 Sensitive Information Exposure in McAfee ATD

2021-04-1508:00:17

CWE-200

trellix

www.cve.org

cve-2020-7269

sensitive information exposure

mcafee atd

web interface

remote authenticated users

unencrypted information

http request parameter

internet access restriction

CVSS3

4.9

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

25.9%

JSON

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

CNA Affected

[
  {
    "product": "McAfee Advanced Threat Defense (ATD)",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "4.12.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10336