Command Injection could allow authenticated users to execute arbitrary code
CVE-2019-3630

8HIGH

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Enterprise Security Manager (esm)
Vendor: CVE Published:; 27 June 2019

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2019-3630?

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.

Affected Version(s)

McAfee Enterprise Security Manager (ESM) 11.x < 11.2.0

McAfee Enterprise Security Manager (ESM) 10.x < 10.4.0

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 27, 2019
Vulnerability Reserved
Jan 3, 2019

JSON