Advanced Threat Defense (ATD) - Information Disclosure vulnerability

CVE-2019-3649

5.3MEDIUM

Key Information

Vendor: Mcafee
Status: Advanced Threat Defense (atd)
Vendor: CVE Published:; 13 November 2019

Summary

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.

Affected Version(s)

Advanced Threat Defense (ATD) < 4.8

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jan 3, 2019

Collectors

NVD DatabaseMitre Database