CVE-2020-7292

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

Published: Jul 15, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-7292
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-838

Affected Software
References

Software	From	Fixed in
mcafee / web_gateway	9.0.0	9.2.1
mcafee / web_gateway	8.2.0	8.2.9
mcafee / web_gateway	7.8.0	7.8.2.22

https://kc.mcafee.com/corporate/index?page=content&id=SB10323

Vulnerability Database

289,697

CVE-2020-7292