Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
References
Link | Resource |
---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10336 | Broken Link Vendor Advisory |
Configurations
History
16 Nov 2023, 14:24
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10336 - Broken Link, Vendor Advisory |
07 Nov 2023, 03:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10336 - | |
CWE |
21 Apr 2021, 20:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
CPE | cpe:2.3:a:mcafee:advanced_threat_defense:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10336 - Patch, Vendor Advisory |
15 Apr 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-15 08:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-7269
Mitre link : CVE-2020-7269
CVE.ORG link : CVE-2020-7269
JSON object : View
Products Affected
mcafee
- advanced_threat_defense
CWE