CVE-2020-7295Improper Authentication in WEB Gateway

CWE-287Improper Authentication3 documents3 sources
Severity
4.6MEDIUMNVD
CNA3.5
EPSS
0.1%
top 80.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee WEB GatewayMcafee WEB Gateway
Timeline
PublishedSep 15
Latest updateMay 24

Description

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

NVDmcafee/web_gateway7.8.07.8.2.23+2
CVEListV5mcafee/mcafee_web_gatewayunspecified9.2.1

🔴Vulnerability Details

2
GHSA
GHSA-jp5w-5x2h-hp6v: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 92022-05-24
CVEList
Web Gateway (MWG) - Privilege Escalation vulnerability2020-09-15
CVE-2020-7295 — Improper Authentication in Mcafee | cvebase