Lucene search

TrellixCVELIST:CVE-2021-23884

HistoryApr 15, 2021 - 7:30 a.m.

CVE-2021-23884 Clear text exposure of password in McAfee CSR ePO extension

2021-04-1507:30:15

CWE-319

trellix

www.cve.org

cve-2021-23884

clear text exposure

mcafee csr

epo extension

sensitive information vulnerability

mcafee content security reporter

cleartext transmission

mcafee web gateway

log files analysis

mwgcs

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

CNA Affected

[
  {
    "product": "McAfee Content Security Reporter (CSR)",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "2.8.0CWE-319: Cleartext Transmission of Sensitive Information",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10353

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-23884