Search criteria
2 vulnerabilities found for Web Gateway(MWG) by McAfee
CVE-2019-3638 (GCVE-0-2019-3638)
Vulnerability from cvelistv5 – Published: 2019-09-12 15:14 – Updated: 2024-08-04 19:12
VLAI?
Title
Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability
Summary
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.
Severity ?
8.1 (High)
CWE
- Reflected Cross Site Scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | Web Gateway(MWG) |
Affected:
7.8.x , < 7.8.2.13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Gateway(MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.2.13",
"status": "affected",
"version": "7.8.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator\u0027s credentials via tricking the administrator to click on a carefully constructed malicious link."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site Scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:14:29",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294"
}
],
"source": {
"advisory": "SB10294",
"discovery": "EXTERNAL"
},
"title": "Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3638",
"STATE": "PUBLIC",
"TITLE": "Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Gateway(MWG)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.8.x",
"version_value": "7.8.2.13"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator\u0027s credentials via tricking the administrator to click on a carefully constructed malicious link."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294"
}
]
},
"source": {
"advisory": "SB10294",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3638",
"datePublished": "2019-09-12T15:14:29",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3638 (GCVE-0-2019-3638)
Vulnerability from nvd – Published: 2019-09-12 15:14 – Updated: 2024-08-04 19:12
VLAI?
Title
Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability
Summary
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.
Severity ?
8.1 (High)
CWE
- Reflected Cross Site Scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | Web Gateway(MWG) |
Affected:
7.8.x , < 7.8.2.13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Gateway(MWG)",
"vendor": "McAfee",
"versions": [
{
"lessThan": "7.8.2.13",
"status": "affected",
"version": "7.8.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator\u0027s credentials via tricking the administrator to click on a carefully constructed malicious link."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site Scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:14:29",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294"
}
],
"source": {
"advisory": "SB10294",
"discovery": "EXTERNAL"
},
"title": "Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3638",
"STATE": "PUBLIC",
"TITLE": "Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Gateway(MWG)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.8.x",
"version_value": "7.8.2.13"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator\u0027s credentials via tricking the administrator to click on a carefully constructed malicious link."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10294"
}
]
},
"source": {
"advisory": "SB10294",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3638",
"datePublished": "2019-09-12T15:14:29",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}