CVE-2021-23884
Clear text exposure of password in McAfee CSR ePO extension
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
Una vulnerabilidad de Transmisión de Texto Sin Cifrar de Información Confidencial en la Extensión ePO de McAfee Content Security Reporter (CSR) anterior a versión 2.8.0, permite a un administrador de ePO visualizar la contraseña no cifrada de McAfee Web Gateway (MWG) o la contraseña del usuario de solo lectura de McAfee Web Gateway Cloud Server (MWGCS) usado para recuperar archivos de registro para su análisis en CSR
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-12 CVE Reserved
- 2021-04-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10353 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Content Security Reporter Search vendor "Mcafee" for product "Content Security Reporter" | < 2.8.0 Search vendor "Mcafee" for product "Content Security Reporter" and version " < 2.8.0" | - |
Affected
| ||||||