First published: Wed Nov 13 2019(Updated: )
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Advanced Threat Defense | <4.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3650 is an information disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to version 4.8.
CVE-2019-3650 allows remote authenticated attackers to gain access to the atduser credentials by exploiting a carefully constructed GET request and extracting insecurely stored information in the database.
The severity of CVE-2019-3650 is medium with a CVSS score of 6.5.
To fix CVE-2019-3650, update McAfee Advanced Threat Defense to version 4.8 or later.
More information about CVE-2019-3650 can be found on the official McAfee Knowledge Center at https://kc.mcafee.com/corporate/index?page=content&id=SB10304.