CVE-2019-3630: Command Injection could allow authenticated users to execute arbitrary code
First published: Thu Jun 27 2019(Updated: )
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Enterprise Security Manager | <10.4.0 | |
| McAfee Enterprise Security Manager | >=11.0.0<11.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-3630?
CVE-2019-3630 is a Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 that allows authenticated users to execute arbitrary code via specially crafted parameters.
How does CVE-2019-3630 affect McAfee Enterprise Security Manager (ESM)?
CVE-2019-3630 affects McAfee Enterprise Security Manager (ESM) versions prior to 11.2.0 and prior to 10.4.0.
What is the severity of CVE-2019-3630?
CVE-2019-3630 has a severity rating of 7.2 (High).
What can an authenticated user do through CVE-2019-3630?
An authenticated user can execute arbitrary code through CVE-2019-3630 by using specially crafted parameters.
How can I fix the Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) CVE-2019-3630?
To fix CVE-2019-3630, update McAfee Enterprise Security Manager (ESM) to version 10.4.0 or later, or version 11.2.0 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee enterprise security manager
- version/mcafee enterprise security manager/11.0.0