26 matches found
CVE-2019-3644
CVE-2019-9517 is a denial-of-service vulnerability in McAfee Web Gateway (MWG) scanners exposed in MWG versions before 7.8.2.13. The issue arises from unconstrained interal data buffering in HTTP/2, where an attacker can flood a connection with requests and exhaust resources on the server. Affect...
CVE-2019-3643
CVE-2019-3643 relates to McAfee Web Gateway (MWG) older than 7.8.2.13 and is described as vulnerable to CVE-2019-9511, potentially causing a denial of service. The Connected documents provide no additional MWG-specific technical details, remediation, or confirmed exploit information in this set. ...
CVE-2019-3663
The CVE-2019-3663 issue affects McAfee Advanced Threat Defense (ATD) prior to version 4.8. It arises from unprotected storage of credentials, enabling a local attacker to read the root password from sensitive files; the root password is common across ATD deployments prior to 4.8. CVSS assessments...
CVE-2017-3899
Vulnerability: CVE-2017-3899 affects Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier. Root cause: SQL injection via a crafted HTTP request parameter, leading to disclosure of product information. Impact: partial confidentiality loss; remote authenticated users can obtain info...
CVE-2015-3029
CVE-2015-3029 affects McAfee Advanced Threat Defense (MATD) before version 3.4.4.63. The web interface does not properly restrict access, allowing remote authenticated users to obtain sensitive information via unspecified vectors (information disclosure). Affected product/version: MATD
CVE-2017-4053
CVE-2017-4053 affects McAfee Advanced Threat Defense (ATD) web interface, with command injection in the HTTP parameter of ATD versions 3.10, 3.8, 3.6 and 3.4. The vulnerability allows remote unauthenticated attackers to execute arbitrary commands via a crafted request. Connected documents corrobo...
CVE-2015-3030
CVE-2015-3030 affects McAfee Advanced Threat Defense (MATD) web interface prior to version 3.4.4.63. The vulnerability allows remote authenticated users to obtain sensitive configuration information via unspecified vectors (information disclosure). Impact is limited to disclosure of configuration...
CVE-2015-3028
The CVE-2015-3028 entry affects McAfee Advanced Threat Defense (MATD) versions prior to 3.4.4.63. The issue allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters, indicating an access-control weakness that enables conf...
CVE-2017-4055
CVE-2017-4055 affects McAfee Advanced Threat Defense (ATD) Web Interface, with versions 3.10, 3.8, 3.6, and 3.4. The issue is a vulnerability in authentication/authorization enforcement that lets remote unauthenticated users bypass ATD detection via loose authentication checks, enabling bypass of...
CVE-2020-7269
The CVE-2020-7269 issue affects McAfee Advanced Threat Defense (ATD) web interface: versions prior to 4.12.2 expose unencrypted sensitive information via specially crafted HTTP request parameters. The vulnerability can be exploited by remote authenticated users. Impact details are documented acro...
CVE-2019-3649
CVE-2019-3649 concerns McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure through a carefully crafted POST request that exploits how log data is recorded, allowing remote authenticated attackers to access hashed credentials stored in logs. The root c...
CVE-2019-3661
CVE-2019-3661 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is described as an improper neutralization of special elements used in an SQL command (SQL Injection) that could allow a remote authenticated attacker to execute database commands via a carefully constructe...
CVE-2015-8990
CVE-2015-8990 covers a detection bypass in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier, where malware samples can evade ATD detection by renaming the malware. Affected product: Intel ATD; vulnerable component/behavior: detection logic bypass via filename renaming; root cause/im...
CVE-2017-4054
CVE-2017-4054 affects McAfee Advanced Threat Defense (ATD) web interface versions 3.4, 3.6, 3.8 and 3.10. The vulnerability is a Command Injection in the web interface that allows remote authenticated users to execute arbitrary commands via a crafted HTTP request parameter. The provided connected...
CVE-2017-4057
The CVE-2017-4057 entry documents a Privilege Escalation in the web interface of McAfee Advanced Threat Defense (ATD) affecting versions 3.10, 3.8, 3.6 and 3.4. The vulnerability allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. The connected CNVD...
CVE-2020-7270
Summary: CVE-2020-7270 affects McAfee Advanced Threat Defense (ATD) web interface. In ATD versions prior to 4.12.2, remote authenticated users can view sensitive unencrypted information through a specially crafted HTTP request parameter, as described across multiple sources (NVD, CNVD, Red Hat, C...
CVE-2023-0978
Summary: CVE-2023-0978 concerns Trellix Intelligent Sandbox CLI, affected in versions 5.2 and earlier, due to insufficient validation of CLI arguments that allows a local user to inject and execute arbitrary OS commands. Impact (as stated): local command execution with potential high impact on co...
CVE-2015-8986
CVE-2015-8986 is described as a sandbox-detection evasion vulnerability in McAfee/Intel Security Advanced Threat Defense (MATD) versions up to 3.4.2.32. The issue allows malware to detect the sandbox environment and bypass malware detection, resulting in false negatives. The available sources ide...
CVE-2017-4052
CVE-2017-4052 concerns McAfee Advanced Threat Defense (ATD). The connected sources confirm an authentication bypass vulnerability in the web interface affecting ATD versions 3.10, 3.8, 3.6, and 3.4, allowing remote unauthenticated users to change or update arbitrary configuration settings or gain...
CVE-2019-3650
CVE-2019-3650 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure where a crafted GET request can extract insecure information stored in the ATD database, allowing remote authenticated attackers to gain access to atduser credentials. The conne...
CVE-2019-3660
CVE-2019-3660 concerns McAfee Advanced Threat Defense (ATD) before version 4.8, where improper neutralization of HTTP requests enables a remote authenticated attacker to execute commands on the server via carefully crafted HTTP requests. The issue is documented across multiple sources (NVD, Red H...
CVE-2019-3662
CVE-2019-3662 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is a path traversal in which a crafted HTTP request allows a remote authenticated attacker to access files outside a restricted directory due to improper filtering of path elements. Reported impact indicate...
CVE-2020-7254
McAfee Advanced Threat Defense (ATD) Privilege Escalation (CVE-2020-7254) affects ATD 4.x prior to 4.8.2. The root cause is improper access controls on sudo commands in the command line interface, enabling local users to escalate privileges and execute arbitrary code. Exploitation is local and re...
CVE-2020-7262
CVE-2020-7262 affects McAfee Advanced Threat Defense (ATD) prior to version 4.10.0. The vulnerability is Improper Access Control that allows a local attacker to view sensitive files via a crafted HTTP request parameter. Public sources in the connected documents confirm information disclosure as t...
CVE-2019-3651
CVE-2019-3651 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. Vulnerability arises from overly permissive ATD user credentials (atduser) that allow remote authenticated attackers to access ePO as an administrator, enabling information disclosure. Connected sources confirm the issue and...
CVE-2016-3983
McAfee Advanced Threat Defense (ATD) before version 3.4.8.178 may allow remote attackers to bypass malware detection by leveraging information about the parent process. The connected sources confirm this is a vulnerability in ATD with no public exploit details provided in the documents. No remedi...