CVE-2019-3661

HIGH

McAfee Advanced Threat Defense < 4.8 - Authenticated SQL Injection via Time-Based Payloads

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.0017
EPSS Percentile 38.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-89
Status published
Products (1)
mcafee/advanced_threat_defense < 4.8
Published Nov 14, 2019
Tracked Since Feb 18, 2026