Lucene search

TrellixCVELIST:CVE-2019-3660

HistoryNov 13, 2019 - 11:05 p.m.

CVE-2019-3660 Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests

2019-11-1323:05:53

trellix

www.cve.org

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.

CNA Affected

[
  {
    "product": "Advanced Threat Defense (ATD)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "4.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10304

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

Related for CVELIST:CVE-2019-3660