CVE-2019-3662 — Path Traversal in Advanced Threat Defense

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Advanced Threat Defense

Timeline

PublishedNov 14

Latest updateMay 24

Description

Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee/advanced_threat_defenseunspecified — 4.8

▶NVDmcafee/advanced_threat_defense< 4.8

🔴Vulnerability Details

GHSA

GHSA-826p-hc8r-6r48: Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4↗2022-05-24

▶

CVEList

Advanced Threat Defense (ATD) - Path Traversal: '/absolute/pathname/here' vulnerability↗2019-11-13

▶