Sensitive Information Exposure in McAfee ATD
CVE-2020-7270

4.9MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Advanced Threat Defense (atd)
Vendor: CVE Published:; 15 April 2021

Summary

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

Affected Version(s)

McAfee Advanced Threat Defense (ATD) < 4.12.2

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2021
Vulnerability Reserved
Jan 21, 2020