Search
Find a vulnerability
Search criteria
8 vulnerabilities found for mcafee_web_gateway by mcafee
CVE-2019-3581 (GCVE-0-2019-3581)
Vulnerability from nvd – Published: 2019-01-09 14:00 – Updated: 2024-08-04 19:12
VLAI
Title
McAfee Web Gateway denial of service attack due to Improper Input Validation
Summary
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
Severity
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway |
Affected:
7.8.2 , < 7.8.2*
(custom)
Affected: 7.8.2.5 , < 7.8.2.5 (custom) Affected: 8.0 , < 8.0* (custom) Affected: 8.0.2 , < 8.0.2 (custom) |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Web Gateway",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.2*",
"status": "affected",
"version": "7.8.2",
"versionType": "custom"
},
{
"lessThan": "7.8.2.5",
"status": "affected",
"version": "7.8.2.5",
"versionType": "custom"
},
{
"lessThan": "8.0*",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0.2",
"status": "affected",
"version": "8.0.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T13:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to MWG 7.8.2.5 or 8.0.2"
}
],
"source": {
"advisory": "SB10264",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway denial of service attack due to Improper Input Validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3581",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway denial of service attack due to Improper Input Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "7.8.2",
"version_value": "7.8.2"
},
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "7.8.2.5",
"version_value": "7.8.2.5"
},
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "8.0",
"version_value": "8.0"
},
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "8.0.2",
"version_value": "8.0.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to MWG 7.8.2.5 or 8.0.2"
}
],
"source": {
"advisory": "SB10264",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3581",
"datePublished": "2019-01-09T14:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6678 (GCVE-0-2018-6678)
Vulnerability from nvd – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
VLAI
Title
McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability
Summary
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
Severity
CWE
- Configuration manipulation vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104893 | vdb-entryx_refsource_BID |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway (MWG) |
Affected:
7.8.1 , < 7.8.1*
(custom)
Unaffected: 7.8.2 , < 7.8.2* (custom) |
Date Public
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Web Gateway (MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.1*",
"status": "affected",
"version": "7.8.1",
"versionType": "custom"
},
{
"lessThan": "7.8.2*",
"status": "unaffected",
"version": "7.8.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configuration manipulation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6678",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway (MWG)",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "7.8.1",
"version_value": "7.8.1"
},
{
"affected": "!\u003e",
"platform": "x86",
"version_affected": "!\u003e",
"version_name": "7.8.2",
"version_value": "7.8.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration manipulation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104893"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
]
},
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6678",
"datePublished": "2018-07-23T13:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:11.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6677 (GCVE-0-2018-6677)
Vulnerability from nvd – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
VLAI
Title
McAfee Web Gateway (MWG) - Directory Traversal vulnerability
Summary
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
Severity
7.6 (High)
CWE
- Directory Traversal vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104893 | vdb-entryx_refsource_BID |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway (MWG) |
Affected:
7.8.1 , < 7.8.1*
(custom)
Unaffected: 7.8.2 , < 7.8.2* (custom) |
Date Public
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Web Gateway (MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.1*",
"status": "affected",
"version": "7.8.1",
"versionType": "custom"
},
{
"lessThan": "7.8.2*",
"status": "unaffected",
"version": "7.8.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6677",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway (MWG)",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "7.8.1",
"version_value": "7.8.1"
},
{
"affected": "!\u003e",
"platform": "x86",
"version_affected": "!\u003e",
"version_name": "7.8.2",
"version_value": "7.8.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104893"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
]
},
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6677",
"datePublished": "2018-07-23T13:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6667 (GCVE-0-2018-6667)
Vulnerability from nvd – Published: 2018-06-26 17:00 – Updated: 2024-08-05 06:10
VLAI
Title
McAfee Web Gateway - Authentication Bypass vulnerability
Summary
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
Severity
10 (Critical)
CWE
- Authentication Bypass vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041129 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104564 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | Web Gateway |
Affected:
7.8.1.0 , < unspecified
(custom)
Affected: unspecified , ≤ 7.8.1.5 (custom) |
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041129",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041129"
},
{
"name": "104564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Web Gateway",
"vendor": "McAfee",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.8.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.8.1.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-28T09:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041129",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041129"
},
{
"name": "104564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104564"
}
],
"source": {
"advisory": "SB10241",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway - Authentication Bypass vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6667",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway - Authentication Bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Gateway",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_value": "7.8.1.0"
},
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_value": "7.8.1.5"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041129",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041129"
},
{
"name": "104564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104564"
}
]
},
"source": {
"advisory": "SB10241",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6667",
"datePublished": "2018-06-26T17:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3581 (GCVE-0-2019-3581)
Vulnerability from cvelistv5 – Published: 2019-01-09 14:00 – Updated: 2024-08-04 19:12
VLAI
Title
McAfee Web Gateway denial of service attack due to Improper Input Validation
Summary
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
Severity
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway |
Affected:
7.8.2 , < 7.8.2*
(custom)
Affected: 7.8.2.5 , < 7.8.2.5 (custom) Affected: 8.0 , < 8.0* (custom) Affected: 8.0.2 , < 8.0.2 (custom) |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Web Gateway",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.2*",
"status": "affected",
"version": "7.8.2",
"versionType": "custom"
},
{
"lessThan": "7.8.2.5",
"status": "affected",
"version": "7.8.2.5",
"versionType": "custom"
},
{
"lessThan": "8.0*",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0.2",
"status": "affected",
"version": "8.0.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T13:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to MWG 7.8.2.5 or 8.0.2"
}
],
"source": {
"advisory": "SB10264",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway denial of service attack due to Improper Input Validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3581",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway denial of service attack due to Improper Input Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "7.8.2",
"version_value": "7.8.2"
},
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "7.8.2.5",
"version_value": "7.8.2.5"
},
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "8.0",
"version_value": "8.0"
},
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "8.0.2",
"version_value": "8.0.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to MWG 7.8.2.5 or 8.0.2"
}
],
"source": {
"advisory": "SB10264",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3581",
"datePublished": "2019-01-09T14:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6677 (GCVE-0-2018-6677)
Vulnerability from cvelistv5 – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
VLAI
Title
McAfee Web Gateway (MWG) - Directory Traversal vulnerability
Summary
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
Severity
7.6 (High)
CWE
- Directory Traversal vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104893 | vdb-entryx_refsource_BID |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway (MWG) |
Affected:
7.8.1 , < 7.8.1*
(custom)
Unaffected: 7.8.2 , < 7.8.2* (custom) |
Date Public
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Web Gateway (MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.1*",
"status": "affected",
"version": "7.8.1",
"versionType": "custom"
},
{
"lessThan": "7.8.2*",
"status": "unaffected",
"version": "7.8.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6677",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway (MWG)",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "7.8.1",
"version_value": "7.8.1"
},
{
"affected": "!\u003e",
"platform": "x86",
"version_affected": "!\u003e",
"version_name": "7.8.2",
"version_value": "7.8.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104893"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
]
},
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6677",
"datePublished": "2018-07-23T13:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6678 (GCVE-0-2018-6678)
Vulnerability from cvelistv5 – Published: 2018-07-23 13:00 – Updated: 2024-08-05 06:10
VLAI
Title
McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability
Summary
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
Severity
CWE
- Configuration manipulation vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104893 | vdb-entryx_refsource_BID |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee Web Gateway (MWG) |
Affected:
7.8.1 , < 7.8.1*
(custom)
Unaffected: 7.8.2 , < 7.8.2* (custom) |
Date Public
2018-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Web Gateway (MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.1*",
"status": "affected",
"version": "7.8.1",
"versionType": "custom"
},
{
"lessThan": "7.8.2*",
"status": "unaffected",
"version": "7.8.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configuration manipulation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "104893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
],
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6678",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Web Gateway (MWG)",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "7.8.1",
"version_value": "7.8.1"
},
{
"affected": "!\u003e",
"platform": "x86",
"version_affected": "!\u003e",
"version_name": "7.8.2",
"version_value": "7.8.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration manipulation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104893"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10245"
}
]
},
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6678",
"datePublished": "2018-07-23T13:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:11.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6667 (GCVE-0-2018-6667)
Vulnerability from cvelistv5 – Published: 2018-06-26 17:00 – Updated: 2024-08-05 06:10
VLAI
Title
McAfee Web Gateway - Authentication Bypass vulnerability
Summary
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
Severity
10 (Critical)
CWE
- Authentication Bypass vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041129 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104564 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | Web Gateway |
Affected:
7.8.1.0 , < unspecified
(custom)
Affected: unspecified , ≤ 7.8.1.5 (custom) |
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041129",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041129"
},
{
"name": "104564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Web Gateway",
"vendor": "McAfee",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.8.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.8.1.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-28T09:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041129",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041129"
},
{
"name": "104564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104564"
}
],
"source": {
"advisory": "SB10241",
"discovery": "INTERNAL"
},
"title": "McAfee Web Gateway - Authentication Bypass vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6667",
"STATE": "PUBLIC",
"TITLE": "McAfee Web Gateway - Authentication Bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Gateway",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_value": "7.8.1.0"
},
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_value": "7.8.1.5"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041129",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041129"
},
{
"name": "104564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104564"
}
]
},
"source": {
"advisory": "SB10241",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6667",
"datePublished": "2018-06-26T17:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}