Mcafee Web Gateway vulnerabilities

CVE-2020-7297 [MEDIUM] CWE-287 CVE-2020-7297: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.

CVE-2020-7293 [CRITICAL] CWE-287 CVE-2020-7293: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.

CVE-2020-7294 [MEDIUM] CWE-287 CVE-2020-7294: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.

CVE-2020-7296 [MEDIUM] CWE-287 CVE-2020-7296: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.

CVE-2020-7295 [MEDIUM] CWE-287 CVE-2020-7295: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.

CVE-2020-7292 [MEDIUM] CWE-838 CVE-2020-7292: Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 a Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

CVE-2019-3581 [HIGH] CWE-20 CVE-2019-3581: Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remo Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.

CVE-2018-6678 [CRITICAL] CVE-2018-6678: Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web G Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.

CVE-2018-6677 [CRITICAL] CWE-22 CVE-2018-6677: Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) M Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.

CVE-2018-6667 [CRITICAL] CWE-287 CVE-2018-6667: Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1 Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).