Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Common UI (CUI) by McAfee

    CVE-2018-6670 (GCVE-0-2018-6670)

    Vulnerability from nvd – Published: 2018-06-07 18:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    External Entity Attack vulnerability in McAfee Common UI (CUI)
    Summary
    External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
    CWE
    • External Entity Attack vulnerability
    Assigner
    References
    Impacted products
    Date Public
    2018-05-30 00:00
    Credits
    McAfee credits Łukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Common UI (CUI)",
              "vendor": "McAfee",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "External Entity Attack vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T17:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
            }
          ],
          "source": {
            "advisory": "SB10236",
            "discovery": "EXTERNAL"
          },
          "title": "External Entity Attack vulnerability in McAfee Common UI (CUI)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6670",
              "STATE": "PUBLIC",
              "TITLE": "External Entity Attack vulnerability in McAfee Common UI (CUI)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Common UI (CUI)",
                          "version": {
                            "version_data": [
                              {
                                "platform": "x86",
                                "version_name": "2.0.2",
                                "version_value": "2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "External Entity Attack vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
                }
              ]
            },
            "source": {
              "advisory": "SB10236",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6670",
        "datePublished": "2018-06-07T18:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6670 (GCVE-0-2018-6670)

    Vulnerability from cvelistv5 – Published: 2018-06-07 18:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    External Entity Attack vulnerability in McAfee Common UI (CUI)
    Summary
    External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
    CWE
    • External Entity Attack vulnerability
    Assigner
    References
    Impacted products
    Date Public
    2018-05-30 00:00
    Credits
    McAfee credits Łukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Common UI (CUI)",
              "vendor": "McAfee",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "External Entity Attack vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T17:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
            }
          ],
          "source": {
            "advisory": "SB10236",
            "discovery": "EXTERNAL"
          },
          "title": "External Entity Attack vulnerability in McAfee Common UI (CUI)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6670",
              "STATE": "PUBLIC",
              "TITLE": "External Entity Attack vulnerability in McAfee Common UI (CUI)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Common UI (CUI)",
                          "version": {
                            "version_data": [
                              {
                                "platform": "x86",
                                "version_name": "2.0.2",
                                "version_value": "2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "External Entity Attack vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
                }
              ]
            },
            "source": {
              "advisory": "SB10236",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6670",
        "datePublished": "2018-06-07T18:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }