Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for mcafee_web_gateway by mcafee

    CVE-2019-3581 (GCVE-0-2019-3581)

    Vulnerability from nvd – Published: 2019-01-09 14:00 – Updated: 2024-08-04 19:12
    VLAI
    Title
    McAfee Web Gateway denial of service attack due to Improper Input Validation
    Summary
    Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway Affected: 7.8.2 , < 7.8.2* (custom)
    Affected: 7.8.2.5 , < 7.8.2.5 (custom)
    Affected: 8.0 , < 8.0* (custom)
    Affected: 8.0.2 , < 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.2*",
                  "status": "affected",
                  "version": "7.8.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.5",
                  "status": "affected",
                  "version": "7.8.2.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.2",
                  "status": "affected",
                  "version": "8.0.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to MWG 7.8.2.5 or 8.0.2"
            }
          ],
          "source": {
            "advisory": "SB10264",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway denial of service attack due to Improper Input Validation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3581",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway denial of service attack due to Improper Input Validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "7.8.2.5",
                                "version_value": "7.8.2.5"
                              },
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "8.0",
                                "version_value": "8.0"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8.0.2",
                                "version_value": "8.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to MWG 7.8.2.5 or 8.0.2"
              }
            ],
            "source": {
              "advisory": "SB10264",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3581",
        "datePublished": "2019-01-09T14:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6678 (GCVE-0-2018-6678)

    Vulnerability from nvd – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability
    Summary
    Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
    CWE
    • Configuration manipulation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway (MWG) Affected: 7.8.1 , < 7.8.1* (custom)
    Unaffected: 7.8.2 , < 7.8.2* (custom)
    Create a notification for this product.
    Date Public
    2018-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway (MWG)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.1*",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2*",
                  "status": "unaffected",
                  "version": "7.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Configuration manipulation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "104893",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
            }
          ],
          "source": {
            "advisory": "SB10245",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6678",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway (MWG)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.1",
                                "version_value": "7.8.1"
                              },
                              {
                                "affected": "!\u003e",
                                "platform": "x86",
                                "version_affected": "!\u003e",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Configuration manipulation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104893",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104893"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
                }
              ]
            },
            "source": {
              "advisory": "SB10245",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6678",
        "datePublished": "2018-07-23T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6677 (GCVE-0-2018-6677)

    Vulnerability from nvd – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    McAfee Web Gateway (MWG) - Directory Traversal vulnerability
    Summary
    Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
    CWE
    • Directory Traversal vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway (MWG) Affected: 7.8.1 , < 7.8.1* (custom)
    Unaffected: 7.8.2 , < 7.8.2* (custom)
    Create a notification for this product.
    Date Public
    2018-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.756Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway (MWG)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.1*",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2*",
                  "status": "unaffected",
                  "version": "7.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "104893",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
            }
          ],
          "source": {
            "advisory": "SB10245",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6677",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway (MWG)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.1",
                                "version_value": "7.8.1"
                              },
                              {
                                "affected": "!\u003e",
                                "platform": "x86",
                                "version_affected": "!\u003e",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104893",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104893"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
                }
              ]
            },
            "source": {
              "advisory": "SB10245",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6677",
        "datePublished": "2018-07-23T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6667 (GCVE-0-2018-6667)

    Vulnerability from nvd – Published: 2018-06-26 17:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    McAfee Web Gateway - Authentication Bypass vulnerability
    Summary
    Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
    CWE
    • Authentication Bypass vulnerability
    Assigner
    References
    URL Tags
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041129 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/104564 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    McAfee Web Gateway Affected: 7.8.1.0 , < unspecified (custom)
    Affected: unspecified , ≤ 7.8.1.5 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
              },
              {
                "name": "1041129",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041129"
              },
              {
                "name": "104564",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104564"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Web Gateway",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.8.1.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-28T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
            },
            {
              "name": "1041129",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041129"
            },
            {
              "name": "104564",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104564"
            }
          ],
          "source": {
            "advisory": "SB10241",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway - Authentication Bypass vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6667",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway - Authentication Bypass vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_value": "7.8.1.0"
                              },
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_value": "7.8.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
                },
                {
                  "name": "1041129",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041129"
                },
                {
                  "name": "104564",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104564"
                }
              ]
            },
            "source": {
              "advisory": "SB10241",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6667",
        "datePublished": "2018-06-26T17:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3581 (GCVE-0-2019-3581)

    Vulnerability from cvelistv5 – Published: 2019-01-09 14:00 – Updated: 2024-08-04 19:12
    VLAI
    Title
    McAfee Web Gateway denial of service attack due to Improper Input Validation
    Summary
    Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway Affected: 7.8.2 , < 7.8.2* (custom)
    Affected: 7.8.2.5 , < 7.8.2.5 (custom)
    Affected: 8.0 , < 8.0* (custom)
    Affected: 8.0.2 , < 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.2*",
                  "status": "affected",
                  "version": "7.8.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.5",
                  "status": "affected",
                  "version": "7.8.2.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.2",
                  "status": "affected",
                  "version": "8.0.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to MWG 7.8.2.5 or 8.0.2"
            }
          ],
          "source": {
            "advisory": "SB10264",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway denial of service attack due to Improper Input Validation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3581",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway denial of service attack due to Improper Input Validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "7.8.2.5",
                                "version_value": "7.8.2.5"
                              },
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "8.0",
                                "version_value": "8.0"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8.0.2",
                                "version_value": "8.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to MWG 7.8.2.5 or 8.0.2"
              }
            ],
            "source": {
              "advisory": "SB10264",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3581",
        "datePublished": "2019-01-09T14:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6677 (GCVE-0-2018-6677)

    Vulnerability from cvelistv5 – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    McAfee Web Gateway (MWG) - Directory Traversal vulnerability
    Summary
    Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
    CWE
    • Directory Traversal vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway (MWG) Affected: 7.8.1 , < 7.8.1* (custom)
    Unaffected: 7.8.2 , < 7.8.2* (custom)
    Create a notification for this product.
    Date Public
    2018-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.756Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway (MWG)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.1*",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2*",
                  "status": "unaffected",
                  "version": "7.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "104893",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
            }
          ],
          "source": {
            "advisory": "SB10245",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6677",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway (MWG)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.1",
                                "version_value": "7.8.1"
                              },
                              {
                                "affected": "!\u003e",
                                "platform": "x86",
                                "version_affected": "!\u003e",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104893",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104893"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
                }
              ]
            },
            "source": {
              "advisory": "SB10245",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6677",
        "datePublished": "2018-07-23T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6678 (GCVE-0-2018-6678)

    Vulnerability from cvelistv5 – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability
    Summary
    Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
    CWE
    • Configuration manipulation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway (MWG) Affected: 7.8.1 , < 7.8.1* (custom)
    Unaffected: 7.8.2 , < 7.8.2* (custom)
    Create a notification for this product.
    Date Public
    2018-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104893"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway (MWG)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.1*",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2*",
                  "status": "unaffected",
                  "version": "7.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Configuration manipulation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "name": "104893",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104893"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
            }
          ],
          "source": {
            "advisory": "SB10245",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6678",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway (MWG)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.1",
                                "version_value": "7.8.1"
                              },
                              {
                                "affected": "!\u003e",
                                "platform": "x86",
                                "version_affected": "!\u003e",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Configuration manipulation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104893",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104893"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
                }
              ]
            },
            "source": {
              "advisory": "SB10245",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6678",
        "datePublished": "2018-07-23T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6667 (GCVE-0-2018-6667)

    Vulnerability from cvelistv5 – Published: 2018-06-26 17:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    McAfee Web Gateway - Authentication Bypass vulnerability
    Summary
    Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
    CWE
    • Authentication Bypass vulnerability
    Assigner
    References
    URL Tags
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041129 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/104564 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    McAfee Web Gateway Affected: 7.8.1.0 , < unspecified (custom)
    Affected: unspecified , ≤ 7.8.1.5 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
              },
              {
                "name": "1041129",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041129"
              },
              {
                "name": "104564",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104564"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Web Gateway",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.8.1.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-28T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
            },
            {
              "name": "1041129",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041129"
            },
            {
              "name": "104564",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104564"
            }
          ],
          "source": {
            "advisory": "SB10241",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway - Authentication Bypass vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6667",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway - Authentication Bypass vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_value": "7.8.1.0"
                              },
                              {
                                "affected": "\u003c=",
                                "platform": "x86",
                                "version_affected": "\u003c=",
                                "version_value": "7.8.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
                },
                {
                  "name": "1041129",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041129"
                },
                {
                  "name": "104564",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104564"
                }
              ]
            },
            "source": {
              "advisory": "SB10241",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6667",
        "datePublished": "2018-06-26T17:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }