McAfee Enterprise Security Manager vulnerabilities
9 known vulnerabilities affecting mcafee/enterprise_security_manager.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 2
Vulnerabilities
CVE-2019-3644 | HIGH | CVSS 7.5 | v10.2.0, v10.3.4, +7 more | 2019-09-11
CVE-2019-3644 [HIGH]
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
nvd
CVE-2019-3643 | HIGH | CVSS 7.5 | v10.2.0, v10.3.4, +7 more | 2019-09-11
CVE-2019-3643 [MEDIUM]
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
nvd
CVE-2019-3628 | HIGH | CVSS 8.8 | ≥ 11.0.0, < 11.2.0 | 2019-06-27
CVE-2019-3628 [HIGH]
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.
nvd
CVE-2019-3631 | HIGH | CVSS 7.2 | fixed in 10.4.0; ≥ 11.0.0, < 11.2.0 | 2019-06-27
CVE-2019-3631 [HIGH] CWE-78
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
nvd
CVE-2019-3632 | HIGH | CVSS 8.8 | fixed in 10.4.0; ≥ 11.0.0, < 11.2.0 | 2019-06-27
CVE-2019-3632 [HIGH] CWE-22
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.
nvd
CVE-2019-3630 | HIGH | CVSS 7.2 | fixed in 10.4.0; ≥ 11.0.0, < 11.2.0 | 2019-06-27
CVE-2019-3630 [HIGH] CWE-78
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
nvd
CVE-2019-3629 | MEDIUM | CVSS 6.5 | fixed in 10.4.0; ≥ 11.0.0, < 11.2.0 | 2019-06-27
CVE-2019-3629 [MEDIUM]
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.
nvd
CVE-2015-7704 | HIGH | CVSS 7.5 | fixed in 10.4.0; ≥ 11.0.0, < 11.2.0 | 2017-08-07
CVE-2015-7704 [HIGH] CWE-20
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
nvd
CVE-2015-7310 | MEDIUM | CVSS 6.5 | ≤ 9.3.2, ≤ 9.4.2, +1 more | 2015-09-22
CVE-2015-7310 [MEDIUM] CWE-78
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.
nvd