Search criteria
16 vulnerabilities found for true_key by mcafee
CVE-2020-7299 (GCVE-0-2020-7299)
Vulnerability from nvd – Published: 2020-09-04 14:05 – Updated: 2024-09-16 19:05
VLAI?
Title
Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
Severity ?
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee,LLC | McAfee True Key Windows client |
Affected:
6.x , < 6.2.110.8
(custom)
|
Credits
McAfee credits nestedif for responsibly reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee True Key Windows client",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "6.2.110.8",
"status": "affected",
"version": "6.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"datePublic": "2020-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T14:05:21",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"ID": "CVE-2020-7299",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee True Key Windows client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.x",
"version_value": "6.2.110.8"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2020-7299",
"datePublished": "2020-09-04T14:05:21.286070Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T19:05:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3610 (GCVE-0-2019-3610)
Vulnerability from nvd – Published: 2019-02-13 17:00 – Updated: 2024-09-16 18:24
VLAI?
Title
True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
Severity ?
5.6 (Medium)
CWE
- Data Leakage Attacks vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | True Key (TK) |
Affected:
3.1 , ≤ 3.1.9211.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Chrome, Edge and Firefox"
],
"product": "True Key (TK)",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "3.1.9211.0",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
"ID": "CVE-2019-3610",
"STATE": "PUBLIC",
"TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "Chrome, Edge and Firefox",
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.9211.0"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3610",
"datePublished": "2019-02-13T17:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:24:29.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6757 (GCVE-0-2018-6757)
Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Privilege Escalation vulnerability
Summary
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- Privilege Escalation vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6757",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6757",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6756 (GCVE-0-2018-6756)
Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Authentication Abuse vulnerability
Summary
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
Severity ?
7.8 (High)
CWE
- Authentication Abuse vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Abuse vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6756",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6756",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6755 (GCVE-0-2018-6755)
Vulnerability from nvd – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Weak Directory Permission Vulnerability
Summary
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.2 (High)
CWE
- Weak Directory Permission Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Directory Permission\u00a0Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6755",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Directory Permission\u00a0Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6755",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6700 (GCVE-0-2018-6700)
Vulnerability from nvd – Published: 2018-09-24 13:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- DLL Search Order Hijacking vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
5.1.165 , < 5.1.165
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "5.1.165",
"status": "affected",
"version": "5.1.165",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Search Order Hijacking vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
},
"title": "True Key (TK) - DLL Search Order Hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6700",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "5.1.165",
"version_value": "5.1.165"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
]
},
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6700",
"datePublished": "2018-09-24T13:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6682 (GCVE-0-2018-6682)
Vulnerability from nvd – Published: 2018-09-24 12:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - Cross Site Scripting Exposure
Summary
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
Severity ?
5.9 (Medium)
CWE
- Cross Site Scripting Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
4.0.0.0 , ≤ 4.0.0.0
(custom)
|
Credits
McAfee credits YoKo Kho for reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "4.0.0.0",
"status": "affected",
"version": "4.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"datePublic": "2018-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting Exposure\n",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T11:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"source": {
"advisory": "TS102825",
"discovery": "USER"
},
"title": "True Key (TK) - Cross Site Scripting Exposure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6682",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - Cross Site Scripting Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "4.0.0.0",
"version_value": "4.0.0.0"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
]
},
"source": {
"advisory": "TS102825",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6682",
"datePublished": "2018-09-24T12:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6661 (GCVE-0-2018-6661)
Vulnerability from nvd – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
VLAI?
Title
TS102801 True Key DLL Side-Loading vulnerability
Summary
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
Severity ?
7.5 (High)
CWE
- DLL Side-Loading vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThan": "4.20.110",
"status": "affected",
"version": "4.20.110",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Side-Loading vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-02T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
},
"title": "TS102801 True Key DLL Side-Loading vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
"ID": "CVE-2018-6661",
"STATE": "PUBLIC",
"TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.20.110",
"version_value": "4.20.110"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
]
},
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6661",
"datePublished": "2018-04-02T13:00:00Z",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-09-16T18:13:31.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7299 (GCVE-0-2020-7299)
Vulnerability from cvelistv5 – Published: 2020-09-04 14:05 – Updated: 2024-09-16 19:05
VLAI?
Title
Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.
Severity ?
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee,LLC | McAfee True Key Windows client |
Affected:
6.x , < 6.2.110.8
(custom)
|
Credits
McAfee credits nestedif for responsibly reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee True Key Windows client",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "6.2.110.8",
"status": "affected",
"version": "6.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"datePublic": "2020-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T14:05:21",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2020-09-04T00:00:00.000Z",
"ID": "CVE-2020-7299",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Exposure vulnerability in McAfee True Key Windows Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee True Key Windows client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.x",
"version_value": "6.2.110.8"
}
]
}
}
]
},
"vendor_name": "McAfee,LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits nestedif for responsibly reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user\u2019s passwords on the same machine via triggering a process dump in specific situations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp\u0026articleId=TS103066\u0026_afrLoop=1258314779734827\u0026leftWidth=0%25\u0026showFooter=false\u0026showHeader=false\u0026rightWidth=0%25\u0026centerWidth=100%25"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2020-7299",
"datePublished": "2020-09-04T14:05:21.286070Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T19:05:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3610 (GCVE-0-2019-3610)
Vulnerability from cvelistv5 – Published: 2019-02-13 17:00 – Updated: 2024-09-16 18:24
VLAI?
Title
True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
Severity ?
5.6 (Medium)
CWE
- Data Leakage Attacks vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | True Key (TK) |
Affected:
3.1 , ≤ 3.1.9211.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Chrome, Edge and Firefox"
],
"product": "True Key (TK)",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "3.1.9211.0",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
"ID": "CVE-2019-3610",
"STATE": "PUBLIC",
"TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "Chrome, Edge and Firefox",
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.9211.0"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3610",
"datePublished": "2019-02-13T17:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:24:29.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6757 (GCVE-0-2018-6757)
Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Privilege Escalation vulnerability
Summary
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- Privilege Escalation vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Privilege Escalation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6757",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Privilege Escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6757",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6756 (GCVE-0-2018-6756)
Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Authentication Abuse vulnerability
Summary
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
Severity ?
7.8 (High)
CWE
- Authentication Abuse vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Abuse vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Authentication Abuse vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6756",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Authentication Abuse vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Abuse vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6756",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6755 (GCVE-0-2018-6755)
Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) Windows Client - Weak Directory Permission Vulnerability
Summary
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.2 (High)
CWE
- Weak Directory Permission Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "5.1.230.7",
"status": "affected",
"version": "5.1.230.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"datePublic": "2018-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Directory Permission\u00a0Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "45961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
],
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
},
"title": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6755",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) Windows Client - Weak Directory Permission\u00a0Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.1.230.7",
"version_value": "5.1.230.7"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee acknowledges James Forshaw of Google Project Zero for finding these vulnerabilities with the True Key product."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Directory Permission\u00a0Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45961/"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102872"
}
]
},
"source": {
"advisory": "TS102872",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6755",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6700 (GCVE-0-2018-6700)
Vulnerability from cvelistv5 – Published: 2018-09-24 13:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
Severity ?
7.5 (High)
CWE
- DLL Search Order Hijacking vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
5.1.165 , < 5.1.165
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "5.1.165",
"status": "affected",
"version": "5.1.165",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Search Order Hijacking vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
],
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
},
"title": "True Key (TK) - DLL Search Order Hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6700",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "x86",
"version_affected": "\u003c",
"version_name": "5.1.165",
"version_value": "5.1.165"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846"
}
]
},
"source": {
"advisory": "TS102846",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6700",
"datePublished": "2018-09-24T13:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6682 (GCVE-0-2018-6682)
Vulnerability from cvelistv5 – Published: 2018-09-24 12:00 – Updated: 2024-08-05 06:10
VLAI?
Title
True Key (TK) - Cross Site Scripting Exposure
Summary
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
Severity ?
5.9 (Medium)
CWE
- Cross Site Scripting Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | True Key (TK) |
Affected:
4.0.0.0 , ≤ 4.0.0.0
(custom)
|
Credits
McAfee credits YoKo Kho for reporting this flaw.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "True Key (TK)",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "4.0.0.0",
"status": "affected",
"version": "4.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"datePublic": "2018-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting Exposure\n",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T11:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
],
"source": {
"advisory": "TS102825",
"discovery": "USER"
},
"title": "True Key (TK) - Cross Site Scripting Exposure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6682",
"STATE": "PUBLIC",
"TITLE": "True Key (TK) - Cross Site Scripting Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "4.0.0.0",
"version_value": "4.0.0.0"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits YoKo Kho for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting Exposure\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825"
}
]
},
"source": {
"advisory": "TS102825",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6682",
"datePublished": "2018-09-24T12:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6661 (GCVE-0-2018-6661)
Vulnerability from cvelistv5 – Published: 2018-04-02 13:00 – Updated: 2024-09-16 18:13
VLAI?
Title
TS102801 True Key DLL Side-Loading vulnerability
Summary
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
Severity ?
7.5 (High)
CWE
- DLL Side-Loading vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Key",
"vendor": "McAfee",
"versions": [
{
"lessThan": "4.20.110",
"status": "affected",
"version": "4.20.110",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Side-Loading vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-02T12:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
],
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
},
"title": "TS102801 True Key DLL Side-Loading vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2018-03-31T00:00:00.000Z",
"ID": "CVE-2018-6661",
"STATE": "PUBLIC",
"TITLE": "TS102801 True Key DLL Side-Loading vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.20.110",
"version_value": "4.20.110"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Side-Loading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"
}
]
},
"source": {
"advisory": "TS102801",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6661",
"datePublished": "2018-04-02T13:00:00Z",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-09-16T18:13:31.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}