Mcafee Web Gateway vulnerabilities
42 known vulnerabilities affecting mcafee/web_gateway.
Total CVEs
42
CISA KEV
1
actively exploited
Public exploits
4
Exploited in wild
1
Severity breakdown
CRITICAL6HIGH17MEDIUM19
Vulnerabilities
Page 2 of 3
CVE-2019-1559P3MEDIUMCVSS 5.9≥ 7.0.0, < 9.0.02019-02-27
CVE-2019-1559 [MEDIUM] CWE-203 CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to sen
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2019-9169P3CRITICALCVSS 9.8≥ 7.7.2.0, < 7.7.2.21≥ 7.8.2.0, < 7.8.2.8+1 more2019-02-26
CVE-2019-9169 [CRITICAL] CWE-125 CVE-2019-9169: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a h
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
nvd
CVE-2016-1840P3HIGHCVSS 7.8≥ 7.5.0.0, ≤ 7.5.2.10≥ 7.6.0.0, ≤ 7.6.2.32016-05-20
CVE-2016-1840 [HIGH] CWE-119 CVE-2016-1840: Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used i
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvd
CVE-2016-4447P3HIGHCVSS 7.5≥ 7.5.0.0, ≤ 7.5.2.10≥ 7.6.0.0, ≤ 7.6.2.32016-06-09
CVE-2016-4447 [HIGH] CWE-119 CVE-2016-4447: The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attack
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
nvd
CVE-2016-1762P3HIGHCVSS 8.1≤ 7.5.2.10≤ 7.6.2.32016-03-24
CVE-2016-1762 [HIGH] CWE-119 CVE-2016-1762: The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of servic
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
nvd
CVE-2019-3644P3HIGHCVSS 7.5≥ 7.7.2.0, < 7.7.2.24≥ 7.8.2, < 7.8.2.13+1 more2019-09-11
CVE-2019-3644 [HIGH] CVE-2019-3644: McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-201
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
nvd
CVE-2019-3643P3HIGHCVSS 7.5≥ 7.7.2.0, < 7.7.2.24≥ 7.8.2, < 7.8.2.13+1 more2019-09-11
CVE-2019-3643 [HIGH] CVE-2019-3643: McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-201
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
nvd
CVE-2019-3635P4MEDIUMCVSS 6.5≥ 7.8.2.0, < 7.8.2.122019-08-14
CVE-2019-3635 [MEDIUM] CVE-2019-3635: Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtai
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.
nvd
CVE-2019-3639P4HIGHCVSS 7.1≥ 7.8.2.0, < 7.8.2.122019-08-14
CVE-2019-3639 [HIGH] CWE-1021 CVE-2019-3639: Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.
nvd
CVE-2022-1254P4MEDIUMCVSS 6.1≥ 7.0.0, < 7.8.2.31≥ 8.0.0, < 8.2.27+3 more2022-04-20
CVE-2022-1254 [MEDIUM] CWE-601 CVE-2022-1254: A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP red
nvd
CVE-2012-2212P4MEDIUMCVSS 5.0v7.0.02012-04-28
CVE-2012-2212 [MEDIUM] CWE-264 CVE-2012-2212: McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT me
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent wi
nvd
CVE-2016-1837P4MEDIUMCVSS 5.5≥ 7.5.0.0, ≤ 7.5.2.10≥ 7.6.0.0, ≤ 7.6.2.32016-05-20
CVE-2016-1837 [MEDIUM] CWE-416 CVE-2016-1837: Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiter
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
nvd
CVE-2016-1836P4MEDIUMCVSS 5.5≥ 7.5.0.0, ≤ 7.5.2.10≥ 7.6.0.0, ≤ 7.6.2.32016-05-20
CVE-2016-1836 [MEDIUM] CWE-416 CVE-2016-1836: Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
nvd
CVE-2020-7297P4MEDIUMCVSS 5.7≥ 7.8.0, < 7.8.2.22≥ 8.2.0, < 8.2.9+1 more2020-09-16
CVE-2020-7297 [MEDIUM] CWE-287 CVE-2020-7297: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
nvd
CVE-2020-7296P4MEDIUMCVSS 5.7≥ 7.8.0, < 7.8.2.23≥ 8.2.0, < 8.2.11+1 more2020-09-15
CVE-2020-7296 [MEDIUM] CWE-287 CVE-2020-7296: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
nvd
CVE-2014-2535P4MEDIUMCVSS 4.0≥ 7.2.0, ≤ 7.2.0.9≥ 7.3.2, < 7.3.2.6+1 more2014-03-18
CVE-2014-2535 [MEDIUM] CWE-22 CVE-2014-2535: Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.
nvd
CVE-2019-6454P4MEDIUMCVSS 5.5fixed in 7.7.2.21≥ 7.8.0, < 7.8.2.8+1 more2019-03-21
CVE-2019-6454 [MEDIUM] CWE-787 CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta
nvd
CVE-2016-1833P4MEDIUMCVSS 5.5≥ 7.5.0.0, ≤ 7.5.2.10≤ 7.6.2.32016-05-20
CVE-2016-1833 [MEDIUM] CWE-125 CVE-2016-1833: The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
nvd
CVE-2020-7295P4MEDIUMCVSS 4.6≥ 7.8.0, < 7.8.2.23≥ 8.2.0, < 8.2.11+1 more2020-09-15
CVE-2020-7295 [MEDIUM] CWE-287 CVE-2020-7295: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
nvd
CVE-2020-7294P4MEDIUMCVSS 4.6≥ 7.8.0, < 7.8.2.23≥ 8.2.0, < 8.2.11+1 more2020-09-15
CVE-2020-7294 [MEDIUM] CWE-287 CVE-2020-7294: Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated u
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
nvd