CVE-2019-3631 — OS Command Injection in LLC Mcafee Enterprise Security Manager

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

2.8%

top 13.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Enterprise Security Manager Mcafee Enterprise Security Manager

Timeline

PublishedJun 27

Latest updateMay 24

Description

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDmcafee/enterprise_security_manager11.0.0 — 11.2.0+1

▶CVEListV5mcafee_llc/mcafee_enterprise_security_manager11.x — 11.2.0+1

🔴Vulnerability Details

GHSA

GHSA-mrpg-fqx4-3xf2: Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11↗2022-05-24

▶

CVEList

Command Injection could allow authenticated users to execute arbitrary code↗2019-06-27

▶