CVE-2019-3661: Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
First published: Wed Nov 13 2019(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Advanced Threat Defense | <4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-3661?
CVE-2019-3661 is a vulnerability found in McAfee Advanced Threat Defense (ATD) prior to version 4.8 that allows remote authenticated attackers to execute database commands through SQL Injection.
How severe is CVE-2019-3661?
CVE-2019-3661 has a severity rating of 8.8 (high).
What is SQL Injection?
SQL Injection is a type of attack that allows malicious users to execute arbitrary SQL commands on a vulnerable website or application.
How can I fix CVE-2019-3661?
To fix CVE-2019-3661, you should update McAfee Advanced Threat Defense to version 4.8 or above.
Where can I find more information about CVE-2019-3661?
You can find more information about CVE-2019-3661 on McAfee's official website: https://kc.mcafee.com/corporate/index?page=content&id=SB10304
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee advanced threat defense