CVE-2020-7262 — Sensitive Information Exposure in LLC Mcafee Advanced Threat Defense

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

CNA5.3

EPSS

0.3%

top 47.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Advanced Threat Defense Mcafee Advanced Threat Defense

Timeline

PublishedJun 22

Latest updateMay 24

Description

Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/advanced_threat_defense< 4.10.0

▶CVEListV5mcafee_llc/mcafee_advanced_threat_defense4.x — 4.10.0

🔴Vulnerability Details

GHSA

GHSA-r363-78j8-cvc8: Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4↗2022-05-24

▶

CVEList

Improper Access Control vulnerability in ATD↗2020-06-22

▶