6 matches found
CVE-2020-7285
The CVE-2020-7285 entry concerns McAfee MVISION Endpoint, affected in versions prior to 20.5.0.94. The vulnerability is a local-priority privilege escalation where a malicious script or program can execute functions the caller should not access. Root cause details beyond the stated privilege esca...
CVE-2020-7328
Summary (CVE-2020-7328): McAfee MVISION Endpoint’s ePO extension is affected prior to version 20.11. The issue is a server-side input validation flaw that permits a remote attacker to load attack content into ePO and potentially gain control of a resource or trigger arbitrary code execution via H...
CVE-2019-3584
McAfee MVision Endpoint vulnerable before 1811 Update 1 (18.11.31.62). A authentication flaw permits authenticated administrator users to remove MVision Endpoint via unspecified vectors. Affected product/version: MVision Endpoint prior to 1811 Update 1. Underlying cause: authentication-based acce...
CVE-2020-7325
CVE-2020-7325 affects McAfee MVISION Endpoint prior to 20.9 Update. It describes a local privilege escalation where an attacker can access files the user normally cannot by manipulating symbolic links to redirect McAfee file operations to an unintended file. The description confirms affected prod...
CVE-2020-7324
CVE-2020-7324 affects McAfee MVISION Endpoint. The vulnerability is an Improper Access Control in MVISION Endpoint prior to version 20.9, allowing local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. Affected component is the access c...
CVE-2020-7329
The CVE-2020-7329 entry applies to McAfee MVISION Endpoint, specifically the ePO extension prior to version 20.11. A server-side request forgery (SSRF) vulnerability exists where an attacker can trigger server-side DNS requests to arbitrary domains by loading carefully constructed XML files via a...