CVE-2019-3649: Advanced Threat Defense (ATD) - Information Disclosure vulnerability
First published: Wed Nov 13 2019(Updated: )
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Advanced Threat Defense | <4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-3649?
CVE-2019-3649 is an information disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to version 4.8.
How does CVE-2019-3649 impact McAfee Advanced Threat Defense?
CVE-2019-3649 allows remote authenticated attackers to gain access to hashed credentials by extracting incorrectly recorded data from log files.
How can an attacker exploit CVE-2019-3649?
An attacker can exploit CVE-2019-3649 by sending carefully constructed POST requests to ATD servers.
What is the severity of CVE-2019-3649?
CVE-2019-3649 has a severity rating of 6.5 (medium).
How can I fix CVE-2019-3649?
To fix CVE-2019-3649, users should update McAfee Advanced Threat Defense to version 4.8 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee advanced threat defense