Password Management Vulnerability in Skyhigh Secure Web Gateway by McAfee
CVE-2023-4400

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 13 September 2023

What is CVE-2023-4400?

A vulnerability has been identified in the Skyhigh Secure Web Gateway (SWG) that allows sensitive authentication information to be compromised. This issue arises from the storage of passwords in plaintext within certain configuration files. As a result, an attacker leveraging the SWG REST API may access these credentials, posing significant security risks to affected installations. Organizations using affected versions should take immediate steps to remediate this vulnerability to safeguard their data.

Affected Version(s)

Skyhigh Secure Web Gateway (SWG) 11.x < 11.2.14

Skyhigh Secure Web Gateway (SWG) 10.x < 10.2.25

Skyhigh Secure Web Gateway (SWG) 12.x < 12.2.1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
