mwg-eg.de Cross Site Scripting vulnerability OBB-3067525

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-23884

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter CSR prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway MWG or the password of the McAfee Web Gateway Cloud Server MWGCS read on...

CVE-2021-23884

CVE-2021-23884 affects the ePO Extension of McAfee Content Security Reporter (CSR). The issue stems from cleartext transmission that lets an ePO administrator view unencrypted credentials (MWG or MWGCS read-only user used for log retrieval). Affected: CSR versions prior to 2.8.0. Mitigation: upgr...

CVE-2021-23885

CVE-2021-23885 affects McAfee Web Gateway (MWG) prior to 9.2.8. The vulnerability is an elevation of privilege via the user interface: an authenticated user can exploit improper neutralization of user input on the troubleshooting page to gain elevated privileges and execute commands on the applia...

CVE-2020-7297

CVE-2020-7297 affects McAfee Web Gateway (MWG) prior to version 9.2.1. The issue is a privilege escalation caused by improper access control in the user interface, allowing an authenticated UI user to access protected dashboard data. The available connected documents confirm the vulnerability des...

CVE-2020-7295

CVE-2020-7295 is a privilege-escalation vulnerability in McAfee Web Gateway (MWG) prior to version 9.2.1. An authenticated UI user can delete or download protected log data due to improper access controls in the user interface. This description is consistently reported across multiple sources (NV...

CVE-2020-7294

CVE-2020-7294 affects McAfee Web Gateway (MWG) prior to 9.2.1. The issue is an elevation of privilege due to improper access controls in the REST interface, allowing an authenticated UI user to delete or download protected files. Root cause: REST interface access control weaknesses. Impact: privi...

CVE-2020-7293 Web Gateway (MWG) - Privilege Escalation vulnerability

Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface...

CVE-2020-7292

CVE-2020-7292 affects McAfee Web Gateway (MWG) prior to version 9.2.1. The issue is an Inappropriate Encoding for Output Context , which can allow a remote attacker to cause MWG to return an ambiguous redirect response when a user clicks a malicious URL. The vulnerability is rooted in the output ...

CVE-2019-3638

CVE-2019-3638 describes a reflected cross-site scripting flaw in the Administrators web console of McAfee Web Gateway (MWG) versions 7.8.x prior to 7.8.2.13. The vulnerability allows an attacker to induce an administrator to click a crafted link, potentially exposing sensitive information or exec...

CVE-2019-3644

CVE-2019-9517 is a denial-of-service vulnerability in McAfee Web Gateway (MWG) scanners exposed in MWG versions before 7.8.2.13. The issue arises from unconstrained interal data buffering in HTTP/2, where an attacker can flood a connection with requests and exhaust resources on the server. Affect...

CVE-2019-3643

CVE-2019-3643 relates to McAfee Web Gateway (MWG) older than 7.8.2.13 and is described as vulnerable to CVE-2019-9511, potentially causing a denial of service. The Connected documents provide no additional MWG-specific technical details, remediation, or confirmed exploit information in this set. ...

CVE-2019-3639

CVE-2019-3639 describes a clickjacking vulnerability in the McAfee Web Gateway (MWG) UI. Affects MWG version 7.8.2.x prior to 7.8.2.12, where an administrator web console does not send an X-Frame-Options header, enabling remote attackers to embed the console in a crafted page via an iframe. The i...

CVE-2019-3635 MWG Proxy: Cross-Frame Scripting vulnerability

Exfiltration of Data in McAfee Web Gateway MWG 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe...

CVE-2019-3635

CVE-2019-3635 affects McAfee Web Gateway (MWG) versions 7.8.2.x prior to 7.8.2.12. The flaw allows an attacker to exfiltrate sensitive data by crafting a complex webpage that triggers MWG to block a user from accessing an iframe, enabling information disclosure. Root cause details are not elabora...

CVE-2018-6677

Affected product : McAfee Web Gateway (MWG) 7.8.1.x. Vulnerability : Directory Traversal in the administrative user interface that enables authenticated administrator users to gain elevated privileges via unspecified vectors. The core impact is privilege escalation within MWG. What is vulnerable ...

CVE-2018-6678

CVE-2018-6678 affects McAfee Web Gateway (MWG) 7.8.1.x. The vulnerability exists in the administrative interface and allows authenticated administrator users to execute arbitrary commands via unspecified vectors (configuration/environment manipulation). Connected documents consistently describe M...

[ExifTool] Read, Writing Meta Information Tools

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP...