CVE-2019-3632 — Path Traversal in LLC Mcafee Enterprise Security Manager

CWE-22 — Path Traversal3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.7%

top 17.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Enterprise Security Manager Mcafee Enterprise Security Manager

Timeline

PublishedJun 27

Latest updateMay 24

Description

Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmcafee/enterprise_security_manager11.0.0 — 11.2.0+1

▶CVEListV5mcafee_llc/mcafee_enterprise_security_manager11.x — 11.2.0+1

🔴Vulnerability Details

GHSA

GHSA-whx8-wpqc-46g5: Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11↗2022-05-24

▶

CVEList

Directory Traversal vulnerability could lead to elevated privileges↗2019-06-27

▶