CVE-2019-3619

MEDIUM

McAfee ePolicy Orchestrator 5.9.x/5.10.0 < Update 4 - Cleartext Transmission of Sensitive Information

Title source: llm

Description

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10286

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/109066

Scores

CVSS v3 6.8

EPSS 0.0016

EPSS Percentile 36.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (3)

mcafee/epolicy_orchestrator 5.9.0

mcafee/epolicy_orchestrator 5.9.1

mcafee/epolicy_orchestrator 5.10.0 (4 CPE variants)

Published Jul 03, 2019

Tracked Since Feb 18, 2026