Advanced Threat Defense (ATD) - Information Disclosure vulnerability
CVE-2019-3650

5.3MEDIUM

Key Information:

Vendor: Mcafee
Status: Advanced Threat Defense (atd)
Vendor: CVE Published:; 13 November 2019

What is CVE-2019-3650?

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.

Affected Version(s)

Advanced Threat Defense (ATD) < 4.8

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jan 3, 2019

Mcafee

What is CVE-2019-3650?

Affected Version(s)

References

CVSS V3.1

Timeline