CVE-2019-3629 — LLC Mcafee Enterprise Security Manager vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

1.2%

top 21.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Enterprise Security Manager Mcafee Enterprise Security Manager

Timeline

PublishedJun 27

Latest updateMay 24

Description

Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/enterprise_security_manager11.0.0 — 11.2.0+1

▶CVEListV5mcafee_llc/mcafee_enterprise_security_manager11.x — 11.2.0+1

🔴Vulnerability Details

GHSA

GHSA-736c-q36g-prw3: Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11↗2022-05-24

▶

CVEList

Application protections bypass vulnerability could allow unauthenticated user to impersonate system users↗2019-06-27

▶