First published: Thu Apr 15 2021(Updated: )
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Advanced Threat Defense | <4.12.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7269 is a vulnerability in the web interface of McAfee Advanced Threat Defense (ATD) prior to version 4.12.2 that allows remote authenticated users to view sensitive unencrypted information via a crafted HTTP request parameter.
The severity of CVE-2020-7269 is medium with a severity score of 4.3.
To mitigate the risk of CVE-2020-7269, update McAfee Advanced Threat Defense to version 4.12.2 or later.
You can find more information about CVE-2020-7269 in the McAfee knowledge base article SB10336.
CVE-2020-7269 is categorized as CWE-200, which is the classification for informational exposure.