Lucene search

TrellixCVELIST:CVE-2020-7294

HistorySep 15, 2020 - 11:00 p.m.

CVE-2020-7294 Web Gateway (MWG) - Privilege Escalation vulnerability

2020-09-1523:00:17

CWE-287

trellix

www.cve.org

vulnerability

privilege escalation

mcafee

web gateway

rest interface

access controls

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.

CNA Affected

[
  {
    "product": "McAfee Web Gateway (MWG)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "9.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10323

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-7294