CVE-2019-3615
MEDIUMMcAfee Database Security < 4.6.6 - Password Exposure via Admin Login Autocomplete
Title source: llmDescription
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10277
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107385
Scores
CVSS v3
5.3
EPSS
0.0005
EPSS Percentile
17.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-200
Status
published
Products (1)
mcafee/database_security
< 4.6.6
Published
Mar 12, 2019
Tracked Since
Feb 18, 2026