CVE-2019-3661 — SQL Injection in Advanced Threat Defense

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA8.1

EPSS

0.2%

top 61.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Advanced Threat Defense

Timeline

PublishedNov 14

Latest updateMay 24

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5mcafee/advanced_threat_defenseunspecified — 4.8

▶NVDmcafee/advanced_threat_defense< 4.8

🔴Vulnerability Details

GHSA

GHSA-m7xp-wxh2-67mj: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4↗2022-05-24

▶

CVEList

Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')↗2019-11-13

▶