CVE-2020-7292

CWE-8383 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 55.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee Mcafee WEB Gateway (mwg)Mcafee WEB Gateway
Timeline
PublishedJul 15
Latest updateMay 24

Description

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDmcafee/web_gateway7.8.07.8.2.22+2
CVEListV5mcafee/mcafee_web_gateway_(mwg)unspecified9.2.1

🔴Vulnerability Details

2
GHSA
GHSA-hm27-4fw9-4w6f: Inappropriate Encoding for output context in McAfee Web Gateway (MWG) prior to 92022-05-24
CVEList
Web Gateway (MWG) - Inappropriate Encoding for output context2020-07-15