CVE-2020-7270

MEDIUM

McAfee Advanced Threat Defense < 4.12.2 - Authenticated Exposure of Sensitive Information via HTTP Request Parameter

Title source: llm
STIX 2.1

Description

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

References (1)

Core 1
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://kc.mcafee.com/corporate/index?page=content&id=SB10336

Scores

CVSS v3 4.9
EPSS 0.0018
EPSS Percentile 38.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Details

CWE
CWE-200
Status published
Products (1)
mcafee/advanced_threat_defense < 4.12.2
Published Apr 15, 2021
Tracked Since Feb 18, 2026