16 results (0.008 seconds)

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

13 Jan 2023 — Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. • https://kcm.trellix.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

04 Jan 2022 — Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. Una posible vulnerab... • https://kc.mcafee.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

15 Oct 2020 — Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. Una vulnerabilidad de asignación de privilegios inapropiada en el instalador McAfee Application and Change Control (MACC) versiones anteriores a 8.3.2, permite a... • https://kc.mcafee.com/corporate/index?page=content&id=SB10333 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

26 Aug 2020 — Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. Una vulnerabilidad de tipo Cross Site Scripting en la extensión ePO en McAfee Application Control (MAC) versiones anteriores a 8.3.1, permite a administradores inyectar un script web o HTML arbitrario por medio de una entrada especialmente diseñada en la sección policy discovery • https://kc.mcafee.com/corporate/index?page=content&id=SB10324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

26 Mar 2020 — DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. Una vulnerabilidad de Carga Lateral de DLL en el instalador de McAfee Application and Change Control (MACC) versiones anteriores a 8.3, permite a usuarios locales ejecutar código arbitrario por medio de una ejecución desde una carpeta comprometida. • https://kc.mcafee.com/corporate/index?page=content&id=SB10313 • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

31 Dec 2018 — A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. Una vulnerabilidad de omisión de autenticación de lista blanca en McAfee Application Control / Change Control en versiones anteriores a la 7.0.1 permite omitir la ejecución, por ejemplo, con DLL simple mediante intérpretes como PowerShell. • http://www.securityfocus.com/bid/106282 •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

20 Dec 2018 — A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. Una vulnerabilidad de omisión de listas blancas en McAfee Application Control/Change Control, en versiones 7.0.1 y anteriores, permite que un usuario local o remoto ejecute archivos en la lista negra mediante un formulario de ASP.NET. • http://www.securityfocus.com/bid/106282 • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

18 Sep 2018 — Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. Vulnerabilidad de omisión de contraseña de seguridad en McAfee Application and Change Control (MACC) 7.0.1 y 6.2.0 permite que usuarios autenticados ejecuten comandos arbitrarios mediante una utilidad de línea de comandos arbitrarios. • http://www.securityfocus.com/bid/102988 • CWE-274: Improper Handling of Insufficient Privileges CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0

18 Sep 2018 — Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. Una vulnerabilidad de acceso, modificación o ejecución de archivos ejecutables en el cliente Microsoft Windows en McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 y anteriores permite que usuarios autenticados ejecuten código arbitrario me... • https://cert-portal.siemens.com/productcert/pdf/ssa-674165.pdf • CWE-346: Origin Validation Error •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

14 Mar 2017 — Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call. Vulnerabilidad de escalada de privilegios en Intel Security McAfee Application Control (MAC) versiones 7.0 y 6.x permite a atacantes provocar DoS, comportamiento inesperado o potencialmente ejecución de código no autorizada a través de un uso no autorizado de llamada IOC... • https://kc.mcafee.com/corporate/index?page=content&id=SB10175 • CWE-264: Permissions, Privileges, and Access Controls •