CVE-2019-3650

MEDIUM

McAfee Advanced Threat Defense < 4.8 - Authenticated Information Disclosure via Database Query

Title source: llm

Description

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Scores

CVSS v3 5.3

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (1)

mcafee/advanced_threat_defense < 4.8

Published Nov 13, 2019

Tracked Since Feb 18, 2026