10 matches found
CVE-2019-3663
The CVE-2019-3663 issue affects McAfee Advanced Threat Defense (ATD) prior to version 4.8. It arises from unprotected storage of credentials, enabling a local attacker to read the root password from sensitive files; the root password is common across ATD deployments prior to 4.8. CVSS assessments...
CVE-2020-7269
The CVE-2020-7269 issue affects McAfee Advanced Threat Defense (ATD) web interface: versions prior to 4.12.2 expose unencrypted sensitive information via specially crafted HTTP request parameters. The vulnerability can be exploited by remote authenticated users. Impact details are documented acro...
CVE-2019-3649
CVE-2019-3649 concerns McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure through a carefully crafted POST request that exploits how log data is recorded, allowing remote authenticated attackers to access hashed credentials stored in logs. The root c...
CVE-2019-3661
CVE-2019-3661 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is described as an improper neutralization of special elements used in an SQL command (SQL Injection) that could allow a remote authenticated attacker to execute database commands via a carefully constructe...
CVE-2020-7270
Summary: CVE-2020-7270 affects McAfee Advanced Threat Defense (ATD) web interface. In ATD versions prior to 4.12.2, remote authenticated users can view sensitive unencrypted information through a specially crafted HTTP request parameter, as described across multiple sources (NVD, CNVD, Red Hat, C...
CVE-2019-3650
CVE-2019-3650 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure where a crafted GET request can extract insecure information stored in the ATD database, allowing remote authenticated attackers to gain access to atduser credentials. The conne...
CVE-2019-3662
CVE-2019-3662 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is a path traversal in which a crafted HTTP request allows a remote authenticated attacker to access files outside a restricted directory due to improper filtering of path elements. Reported impact indicate...
CVE-2019-3660
CVE-2019-3660 concerns McAfee Advanced Threat Defense (ATD) before version 4.8, where improper neutralization of HTTP requests enables a remote authenticated attacker to execute commands on the server via carefully crafted HTTP requests. The issue is documented across multiple sources (NVD, Red H...
CVE-2020-7262
CVE-2020-7262 affects McAfee Advanced Threat Defense (ATD) prior to version 4.10.0. The vulnerability is Improper Access Control that allows a local attacker to view sensitive files via a crafted HTTP request parameter. Public sources in the connected documents confirm information disclosure as t...
CVE-2019-3651
CVE-2019-3651 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. Vulnerability arises from overly permissive ATD user credentials (atduser) that allow remote authenticated attackers to access ePO as an administrator, enabling information disclosure. Connected sources confirm the issue and...