CVE-2020-7270Sensitive Information Exposure in LLC Mcafee Advanced Threat Defense

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
CNA4.9
EPSS
0.2%
top 60.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Advanced Threat DefenseMcafee Advanced Threat Defense
Timeline
PublishedApr 15
Latest updateMay 24

Description

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_advanced_threat_defenseunspecified4.12.2

🔴Vulnerability Details

2
GHSA
GHSA-782j-x6h5-5vmq: Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 42022-05-24
CVEList
Sensitive Information Exposure in McAfee ATD2021-04-15
CVE-2020-7270 — Sensitive Information Exposure | cvebase