CVE-2019-3663 – Advanced Threat Defense (ATD) - Unprotected storage of shared credentials vulnerability
https://notcve.org/view.php?id=CVE-2019-3663
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details La vulnerabilidad de almacenamiento no protegido de credenciales en McAfee Advanced Threat Defense (ATD) anterior a la versión 4.8 permite al atacante local obtener acceso a la contraseña de root mediante el acceso a archivos confidenciales en el sistema. Esto se publicó originalmente con una calificación CVSS de Alta, una investigación adicional ha dado lugar a que esto se actualice a Crítico. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-522: Insufficiently Protected Credentials •
CVE-2019-3662 – Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability
https://notcve.org/view.php?id=CVE-2019-3662
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. Una vulnerabilidad de Salto de Ruta: '/absolute/pathname/here' en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto conseguir acceso no deseado a los archivos sobre el sistema mediante peticiones HTTP cuidadosamente construidas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-3661 – Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://notcve.org/view.php?id=CVE-2019-3661
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. Una Neutralización Inapropiada de Elementos Especiales utilizados en un Comando SQL ("SQL Injection") en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto ejecutar comandos de la base de datos por medio de cargas útiles basadas en tiempo cuidadosamente construidas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-3660 – Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests
https://notcve.org/view.php?id=CVE-2019-3660
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. Una Neutralización Inapropiada de las peticiones HTTP en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto ejecutar comandos en el servidor remotamente mediante peticiones HTTP cuidadosamente construidas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 •
CVE-2019-3650 – Advanced Threat Defense (ATD) - Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2019-3650
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. Una vulnerabilidad de Divulgación de Información en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a atacantes autenticados remotos conseguir acceso a las credenciales de usuario mediante una petición GET cuidadosamente construida extrayendo de forma no segura la información almacenada en la base de datos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 •