CVE-2020-7269

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2020-7269 Sensitive Information Exposure in McAfee ATD

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2020-7262

Improper Access Control vulnerability in McAfee Advanced Threat Defense ATD prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter...

Improper access control

Improper Access Control vulnerability in McAfee Advanced Threat Defense ATD prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter...

CVE-2020-7254 Privilege escalation in Advanced Threat Defense

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense ATD 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command...

CVE-2019-3661

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads...

Design/Logic Flaw

Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted i...

CVE-2019-3662 Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability

Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests...

CVE-2019-3649

CVE-2019-3649 concerns McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure through a carefully crafted POST request that exploits how log data is recorded, allowing remote authenticated attackers to access hashed credentials stored in logs. The root c...

Authentication flaw

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

CVE-2017-4054

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter...

CVE-2017-4052

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

CVE-2017-4057

The CVE-2017-4057 entry documents a Privilege Escalation in the web interface of McAfee Advanced Threat Defense (ATD) affecting versions 3.10, 3.8, 3.6 and 3.4. The vulnerability allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. The connected CNVD...