CVE Vulnerability

CVE-2019-3649

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10304 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:mcafee:advanced_threat_defense:*:*:*:*:*:*:*:*
Information

Published : 2019-11-13 11:15

Updated : 2021-07-21 11:39

NVD link : CVE-2019-3649

Mitre link : CVE-2019-3649

Products Affected

Advanced Threat Defense

Mcafee

CWE
CWE-532

Insertion of Sensitive Information into Log File