Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability
CVE-2019-3638

8.1HIGH

Key Information:

Vendor: Mcafee
Status: Web Gateway(mwg)
Vendor: CVE Published:; 12 September 2019

Summary

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

Affected Version(s)

Web Gateway(MWG) 7.8.x < 7.8.2.13

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2019
Vulnerability Reserved
Jan 3, 2019