CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3643 – MWG scanners updated to address CVE-2019-9511
https://notcve.org/view.php?id=CVE-2019-3643
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. McAfee Web Gateway (MWG) versiones anteriores a 7.8.2.13 es vulnerable para un atacante remoto que explota el CVE-2019-9511, conllevando potencialmente a una denegación de servicio. Esto afecta a los proxies de escaneo. • https://kc.mcafee.com/corporate/index?page=content&id=SB10296 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3632 – Directory Traversal vulnerability could lead to elevated privileges
https://notcve.org/view.php?id=CVE-2019-3632
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. vulnerabilidad de directorio transversal en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite a los usuarios identificados obtener privilegios elevados a través de una entrada especialmente diseñada.. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3631 – Command Injection could allow authenticated users to execute arbitrary code
https://notcve.org/view.php?id=CVE-2019-3631
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Vulnerabilidad de inyección de comandos en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite que el usuario identificado ejecute códigos arbitrarios mediante parámetros creados especiales diseñados • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3630 – Command Injection could allow authenticated users to execute arbitrary code
https://notcve.org/view.php?id=CVE-2019-3630
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. La vulnerabilidad de la inyección de comandos en McAfee Enterprise Security Manager (ESM) anterior a 11.2.0 y anterior a 10.4.0 permite al usuario autorizado ejecutar código arbitrario a través de parámetros especialmente diseñados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3629 – Application protections bypass vulnerability could allow unauthenticated user to impersonate system users
https://notcve.org/view.php?id=CVE-2019-3629
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. La vulnerabilidad de omisión de la protección de aplicaciones en McAfee Enterprise Security Manager (ESM) anterior a la 11.2.0 y anterior a la 10.4.0 permite a los usuarios no identificados hacerse pasar por usuarios del sistema a través de parámetros especialmente diseñados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 •