CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0978
https://notcve.org/view.php?id=CVE-2023-0978
13 Mar 2023 — A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack • https://kcm.trellix.com/corporate/index?page=content&id=SB10397 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7270 – Sensitive Information Exposure in McAfee ATD
https://notcve.org/view.php?id=CVE-2020-7270
15 Apr 2021 — Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. Una vulnerabilidad de Exposición de Información Confidencial en la interfaz web en McAfee Advanced Threat Defense (ATD) anterior a versión 4.12.2,... • https://kc.mcafee.com/corporate/index?page=content&id=SB10336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7269 – Sensitive Information Exposure in McAfee ATD
https://notcve.org/view.php?id=CVE-2020-7269
15 Apr 2021 — Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. Una vulnerabilidad de Exposición de Información Confidencial en la interfaz web en McAfee Advanced Threat Defense (ATD) anterior a versión 4.12.2,... • https://kc.mcafee.com/corporate/index?page=content&id=SB10336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7262 – Improper Access Control vulnerability in ATD
https://notcve.org/view.php?id=CVE-2020-7262
22 Jun 2020 — Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. La vulnerabilidad de Control de Acceso Inapropiado en McAfee Advanced Threat Defense (ATD) versiones anteriores a 4.10.0, permite a usuarios locales visualizar archivos confidenciales por medio de un parámetro de petición HTTP cuidadosamente diseñado • https://kc.mcafee.com/corporate/index?page=content&id=SB10319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7254 – Privilege escalation in Advanced Threat Defense
https://notcve.org/view.php?id=CVE-2020-7254
12 Mar 2020 — Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. Una vulnerabilidad de Escalada de Privilegios en la interfaz de línea de comandos en McAfee Advanced Threat Defense (ATD) versiones 4.x anteriores a 4.8.2, permite a usuarios locales ejecutar código arbitrario por medio de controles de acceso inapropiados en el comando sudo. • https://kc.mcafee.com/corporate/index?page=content&id=SB10311 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3663 – Advanced Threat Defense (ATD) - Unprotected storage of shared credentials vulnerability
https://notcve.org/view.php?id=CVE-2019-3663
13 Nov 2019 — Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details La vulnerabilidad de almacenamiento no protegido de credenciale... • https://github.com/funoverip/mcafee_atd_CVE-2019-3663 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3662 – Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability
https://notcve.org/view.php?id=CVE-2019-3662
13 Nov 2019 — Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. Una vulnerabilidad de Salto de Ruta: '/absolute/pathname/here' en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto conseguir acceso no deseado a los archivos sobre el sistema mediante peticiones HTTP cuidados... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3661 – Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://notcve.org/view.php?id=CVE-2019-3661
13 Nov 2019 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. Una Neutralización Inapropiada de Elementos Especiales utilizados en un Comando SQL ("SQL Injection") en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto ejecutar comandos de la base de datos p... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3660 – Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests
https://notcve.org/view.php?id=CVE-2019-3660
13 Nov 2019 — Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. Una Neutralización Inapropiada de las peticiones HTTP en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a un atacante autenticado remoto ejecutar comandos en el servidor remotamente mediante peticiones HTTP cuidadosamente construidas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3650 – Advanced Threat Defense (ATD) - Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2019-3650
13 Nov 2019 — Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. Una vulnerabilidad de Divulgación de Información en McAfee Advanced Threat Defense (ATD) versiones anteriores a la versión 4.8, permite a atacantes autenticados remotos conseguir acceso a las credenciales de usuario mediante una petición GET cuida... • https://kc.mcafee.com/corporate/index?page=content&id=SB10304 •