CVE-2019-3619 — Cleartext Transmission of Sensitive Info in LLC Mcafee Epolicy Orchestrator

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

4.9MEDIUMNVD

CNA6.8

EPSS

0.2%

top 62.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Epolicy Orchestrator Mcafee Epolicy Orchestrator

Timeline

PublishedJul 3

Latest updateMay 24

Description

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee_llc/mcafee_epolicy_orchestrator5.9.x and 5.10.0 — 5.10.0 Update 4

▶NVDmcafee/epolicy_orchestrator5.10.0, 5.9.0, 5.9.1+2

🔴Vulnerability Details

GHSA

GHSA-wfp7-fmj5-7x44: Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5↗2022-05-24

▶

CVEList

CVE-2019-3619: Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5↗2019-07-03

▶