exploitDog

CVE-2021-23884

Опубликовано: 15 апр. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 2.7

EPSS Низкий

Описание

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

Ссылки

https://kc.mcafee.com/corporate/index?page=content&id=SB10353
Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10353
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mcafee:content_security_reporter:*:*:*:*:*:*:*:*

Версия до 2.8.0 (исключая)

EPSS

Процентиль: 15%

0.0005

Низкий

4.3 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-319

CWE-319

Связанные уязвимости

GHSA-66g2-w3xc-xqx7

CVSS3: 4.3

github

больше 3 лет назад

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

EPSS

Процентиль: 15%

0.0005

Низкий

4.3 Medium

CVSS3

2.7 Low

CVSS2

Дефекты

CWE-319

CWE-319