Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2021-03-26 | Updated: 2022-05-27
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
Max CVSS: 8.6 | EPSS Score: 0.04% | Published: 2020-07-03 | Updated: 2021-10-19
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2020-06-22 | Updated: 2022-07-01
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2020-06-15 | Updated: 2022-04-28
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.
Max CVSS: 8.8 | EPSS Score: 0.31% | Published: 2019-11-13 | Updated: 2021-07-21
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting information insecurely stored in the database.
Max CVSS: 6.5 | EPSS Score: 0.19% | Published: 2019-11-13 | Updated: 2021-07-21
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.
Max CVSS: 6.5 | EPSS Score: 0.19% | Published: 2019-11-13 | Updated: 2021-07-21
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows a remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
Max CVSS: 6.8 | EPSS Score: 0.19% | Published: 2019-07-03 | Updated: 2020-08-24
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.
Max CVSS: 6.8 | EPSS Score: 0.07% | Published: 2019-03-12 | Updated: 2020-08-24
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.
Max CVSS: 8.2 | EPSS Score: 0.04% | Published: 2019-04-10 | Updated: 2023-02-03
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
Max CVSS: 5.6 | EPSS Score: 0.04% | Published: 2019-02-13 | Updated: 2019-10-09
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.
Max CVSS: 7.5 | EPSS Score: 0.40% | Published: 2019-02-28 | Updated: 2022-04-05
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2018-06-15 | Updated: 2019-10-09
User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.
Max CVSS: 5.3 | EPSS Score: 0.17% | Published: 2017-05-17 | Updated: 2017-07-08
Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.
Max CVSS: 5.3 | EPSS Score: 0.17% | Published: 2017-05-17 | Updated: 2017-07-08
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.
Max CVSS: 5.3 | EPSS Score: 0.17% | Published: 2017-05-17 | Updated: 2017-07-08
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.
Max CVSS: 9.8 | EPSS Score: 0.40% | Published: 2018-04-03 | Updated: 2019-10-09
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2017-10-31 | Updated: 2017-11-22
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
Max CVSS: 5.9 | EPSS Score: 0.11% | Published: 2017-10-31 | Updated: 2017-11-21

CVE-2015-0922

Public exploit
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
Max CVSS: 5.0 | EPSS Score: 0.81% | Published: 2015-01-09 | Updated: 2017-09-08
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.
Max CVSS: 9.8 | EPSS Score: 0.47% | Published: 2017-03-14 | Updated: 2017-03-23
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2014-10-29 | Updated: 2017-09-08
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 0.18% | Published: 2014-10-29 | Updated: 2014-10-30
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2014-10-29 | Updated: 2017-09-08
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page.
Max CVSS: 5.0 | EPSS Score: 0.39% | Published: 2012-08-22 | Updated: 2017-08-29
25 vulnerabilities found