CVE-2021-31833

CVE-2021-31833 affects McAfee Application and Change Control (MACC) prior to 8.3.4. The vulnerability allows a locally logged-in attacker to bypass MACC’s solidification protection and run applications that would normally be blocked. Exploitation, as described in multiple sources, requires renami...

CVE-2020-7309

CVE-2020-7309 affects the ePO extension of McAfee Application Control (MAC) prior to version 8.3.1. The vulnerability is a Cross Site Scripting (XSS) flaw in the policy discovery input, allowing an attacker to inject arbitrary web script or HTML. Affected component: ePO extension’s policy discove...

CVE-2017-3912

The vulnerability CVE-2017-3912 affects McAfee Application and Change Control (MACC) versions 6.2.0 and 7.0.1. A local attacker can bypass password authentication in the software’s password management feature and, via a command-line utility, execute arbitrary commands on the affected system. The ...

CVE-2020-7260

CVE-2020-7260 describes a DLL side-loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to version 8.3, enabling local users to run arbitrary code by executing from a compromised folder. The issue is rooted in DLL loading during installation, with impact l...

CVE-2023-0221

Trellix ACC (Trellix Application and Change Control) vulnerability CVE-2023-0221 affects versions prior to 8.3.4. A locally logged-in attacker with administrator privileges can bypass ACC’s execution controls via the utilman program. Impact is the circumvention of restricted execution paths. Reme...

CVE-2020-7334

CVE-2020-7334 affects McAfee Application and Change Control (MACC) installer. The vulnerability is an improper privilege assignment in the installer component, allowing local administrators to change or update configuration settings by using a crafted MSI file that mimics the genuine installer. T...