Lucene search

Kaspersky LabKLA10538

HistoryApr 08, 2015 - 12:00 a.m.

KLA10538 Multiple vulnerabilities in McAfee ATD

2015-04-0800:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

47.7%

JSON

Multiple serious vulnerabilities have been found in McAfee ATD. Malicious users can exploit these vulnerabilities to obtain sensitive information or bypass security restrictions.

Below is a complete list of vulnerabilities

Improper access restrictions and other unknown vulnerabilities can be exploited remotely via an unknown vectors related to web interface;
An unknown vulnerability can be exploited remotely via a specially designed parameters.

Original advisories

McAfee security bulletin

Related products

McAfee-Advanced-Threat-Defense

CVE list

CVE-2015-3030 warning

CVE-2015-3029 warning

CVE-2015-3028 high

Solution

Update to the latest version

Get McAfee updates

Impacts

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

McAfee Advanced Threat Defense versions earlier than 3.4.4.63

References

kc.mcafee.com/corporate/index?page=content&id=SB10112

statistics.securelist.com/

threats.kaspersky.com/en/product/McAfee-Advanced-Threat-Defense/

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

47.7%

JSON

Related for KLA10538