CVE-2019-3660

EUVD-2019-13295
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
trellixCNA
8.4 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
mcafeeadvanced_threat_defense
𝑥
< 4.8
𝑥
= Vulnerable software versions
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10304
https://kc.mcafee.com/corporate/index?page=content&id=SB10304