CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5607
https://notcve.org/view.php?id=CVE-2023-5607
27 Nov 2023 — An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. Una limitación inadecuada de... • https://kcm.trellix.com/corporate/index?page=content&id=SB10411 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0221
https://notcve.org/view.php?id=CVE-2023-0221
13 Jan 2023 — Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. • https://kcm.trellix.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31833
https://notcve.org/view.php?id=CVE-2021-31833
04 Jan 2022 — Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. Una posible vulnerab... • https://kc.mcafee.com/corporate/index?page=content&id=SB10370 • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7334 – Improper privilege assignment vulnerability in the installer component of MACC
https://notcve.org/view.php?id=CVE-2020-7334
15 Oct 2020 — Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. Una vulnerabilidad de asignación de privilegios inapropiada en el instalador McAfee Application and Change Control (MACC) versiones anteriores a 8.3.2, permite a... • https://kc.mcafee.com/corporate/index?page=content&id=SB10333 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7309 – Cross Site Scripting vulnerability in ePO extension of MACC
https://notcve.org/view.php?id=CVE-2020-7309
26 Aug 2020 — Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. Una vulnerabilidad de tipo Cross Site Scripting en la extensión ePO en McAfee Application Control (MAC) versiones anteriores a 8.3.1, permite a administradores inyectar un script web o HTML arbitrario por medio de una entrada especialmente diseñada en la sección policy discovery • https://kc.mcafee.com/corporate/index?page=content&id=SB10324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7260 – MACC installer DLL side loading
https://notcve.org/view.php?id=CVE-2020-7260
26 Mar 2020 — DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. Una vulnerabilidad de Carga Lateral de DLL en el instalador de McAfee Application and Change Control (MACC) versiones anteriores a 8.3, permite a usuarios locales ejecutar código arbitrario por medio de una ejecución desde una carpeta comprometida. • https://kc.mcafee.com/corporate/index?page=content&id=SB10313 • CWE-264: Permissions, Privileges, and Access Controls CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3912 – McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
https://notcve.org/view.php?id=CVE-2017-3912
18 Sep 2018 — Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. Vulnerabilidad de omisión de contraseña de seguridad en McAfee Application and Change Control (MACC) 7.0.1 y 6.2.0 permite que usuarios autenticados ejecuten comandos arbitrarios mediante una utilidad de línea de comandos arbitrarios. • http://www.securityfocus.com/bid/102988 • CWE-274: Improper Handling of Insufficient Privileges CWE-287: Improper Authentication •