CVE-2019-3649

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.

Published: Nov 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3649
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
mcafee / advanced_threat_defense	-	4.8

https://kc.mcafee.com/corporate/index?page=content&id=SB10304

Vulnerability Database

289,697

CVE-2019-3649