Application protections bypass vulnerability could allow unauthenticated user to impersonate system users
CVE-2019-3629

8.3HIGH

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Enterprise Security Manager (esm)
Vendor: CVE Published:; 27 June 2019

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2019-3629?

Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.

Affected Version(s)

McAfee Enterprise Security Manager (ESM) 11.x < 11.2.0

McAfee Enterprise Security Manager (ESM) 10.x < 10.4.0

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 27, 2019
Vulnerability Reserved
Jan 3, 2019

JSON