CVE-2020-7270

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
trellixCNA
4.9 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
mcafeeadvanced_threat_defense
𝑥
< 4.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10336
https://kc.mcafee.com/corporate/index?page=content&id=SB10336