CVE-2020-7260 – MACC installer DLL side loading
https://notcve.org/view.php?id=CVE-2020-7260
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. Una vulnerabilidad de Carga Lateral de DLL en el instalador de McAfee Application and Change Control (MACC) versiones anteriores a 8.3, permite a usuarios locales ejecutar código arbitrario por medio de una ejecución desde una carpeta comprometida. • https://kc.mcafee.com/corporate/index?page=content&id=SB10313 • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •
CVE-2017-3912 – McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
https://notcve.org/view.php?id=CVE-2017-3912
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. Vulnerabilidad de omisión de contraseña de seguridad en McAfee Application and Change Control (MACC) 7.0.1 y 6.2.0 permite que usuarios autenticados ejecuten comandos arbitrarios mediante una utilidad de línea de comandos arbitrarios. • http://www.securityfocus.com/bid/102988 https://kc.mcafee.com/corporate/index?page=content&id=SB10224 • CWE-274: Improper Handling of Insufficient Privileges CWE-287: Improper Authentication •