CVE-2019-3660 — Advanced Threat Defense vulnerability

3 documents3 sources

Severity

8.8HIGHNVD

CNA8.4

EPSS

0.7%

top 27.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Advanced Threat Defense

Timeline

PublishedNov 13

Latest updateMay 24

Description

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5mcafee/advanced_threat_defenseunspecified — 4.8

▶NVDmcafee/advanced_threat_defense< 4.8

🔴Vulnerability Details

GHSA

GHSA-3g23-34hp-r6rx: Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4↗2022-05-24

▶

CVEList

Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests↗2019-11-13

▶