// For flags

CVE-2020-7270

Sensitive Information Exposure in McAfee ATD

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

Una vulnerabilidad de Exposición de Información Confidencial en la interfaz web en McAfee Advanced Threat Defense (ATD) anterior a versión 4.12.2, permite a usuarios autenticados remotos visualizar información confidencial no cifrada por medio de un parámetro de petición HTTP cuidadosamente diseñado. El riesgo es parcialmente mitigado si sus instancias de ATD son implementadas como se recomienda sin acceso directo desde Internet hacia ellas

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2021-04-15 CVE Published
  • 2023-11-17 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mcafee
Search vendor "Mcafee"
Advanced Threat Defense
Search vendor "Mcafee" for product "Advanced Threat Defense"
< 4.12.2
Search vendor "Mcafee" for product "Advanced Threat Defense" and version " < 4.12.2"
-
Affected