CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7270 – Sensitive Information Exposure in McAfee ATD
https://notcve.org/view.php?id=CVE-2020-7270
15 Apr 2021 — Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. Una vulnerabilidad de Exposición de Información Confidencial en la interfaz web en McAfee Advanced Threat Defense (ATD) anterior a versión 4.12.2,... • https://kc.mcafee.com/corporate/index?page=content&id=SB10336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7269 – Sensitive Information Exposure in McAfee ATD
https://notcve.org/view.php?id=CVE-2020-7269
15 Apr 2021 — Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. Una vulnerabilidad de Exposición de Información Confidencial en la interfaz web en McAfee Advanced Threat Defense (ATD) anterior a versión 4.12.2,... • https://kc.mcafee.com/corporate/index?page=content&id=SB10336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7262 – Improper Access Control vulnerability in ATD
https://notcve.org/view.php?id=CVE-2020-7262
22 Jun 2020 — Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. La vulnerabilidad de Control de Acceso Inapropiado en McAfee Advanced Threat Defense (ATD) versiones anteriores a 4.10.0, permite a usuarios locales visualizar archivos confidenciales por medio de un parámetro de petición HTTP cuidadosamente diseñado • https://kc.mcafee.com/corporate/index?page=content&id=SB10319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3663 – Advanced Threat Defense (ATD) - Unprotected storage of shared credentials vulnerability
https://notcve.org/view.php?id=CVE-2019-3663
13 Nov 2019 — Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details La vulnerabilidad de almacenamiento no protegido de credenciale... • https://github.com/funoverip/mcafee_atd_CVE-2019-3663 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3662 – Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability
https://notcve.org/view.php?id=CVE-2019-3662
13 Nov 2019 — Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. Una vulnerabilidad de Salto de Ruta: '/absolute/pathname/here' en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto conseguir acceso no deseado a los archivos sobre el sistema mediante peticiones HTTP cuidados... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3661 – Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://notcve.org/view.php?id=CVE-2019-3661
13 Nov 2019 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. Una Neutralización Inapropiada de Elementos Especiales utilizados en un Comando SQL ("SQL Injection") en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto ejecutar comandos de la base de datos p... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3660 – Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests
https://notcve.org/view.php?id=CVE-2019-3660
13 Nov 2019 — Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. Una Neutralización Inapropiada de las peticiones HTTP en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto ejecutar comandos en el servidor remotamente mediante peticiones HTTP cuidadosamente construidas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3650 – Advanced Threat Defense (ATD) - Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2019-3650
13 Nov 2019 — Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. Una vulnerabilidad de Divulgación de Información en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a atacantes autenticados remotos conseguir acceso a las credenciales de usuario mediante una petición GET cuida... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3651 – Advanced Threat Defense (ATD) - Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2019-3651
13 Nov 2019 — Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. Una vulnerabilidad de Divulgación de Información en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a atacantes autenticados remotos conseguir acceso a ePO como administrador mediante el uso de las credenciales de atduser, las cuales eran demasi... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3649 – Advanced Threat Defense (ATD) - Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2019-3649
13 Nov 2019 — Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. Una vulnerabilidad de Divulgación de Información en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a atacantes autenticados remotos conseguir acceso a credenciales del hash mediante una petición POST cuidadosamente con... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-532: Insertion of Sensitive Information into Log File •