Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for common_catalog by mcafee
CVE-2018-6670 (GCVE-0-2018-6670)
Vulnerability from cvelistv5 – Published: 2018-06-07 18:00 – Updated: 2024-08-05 06:10
VLAI
EPSS
VEX
Title
External Entity Attack vulnerability in McAfee Common UI (CUI)
Summary
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
Severity
7.6 (High)
CWE
- External Entity Attack vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | Common UI (CUI) |
Affected:
2.0.2
|
Date Public
2018-05-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Common UI (CUI)",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "2.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
}
],
"datePublic": "2018-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "External Entity Attack vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T17:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
}
],
"source": {
"advisory": "SB10236",
"discovery": "EXTERNAL"
},
"title": "External Entity Attack vulnerability in McAfee Common UI (CUI)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6670",
"STATE": "PUBLIC",
"TITLE": "External Entity Attack vulnerability in McAfee Common UI (CUI)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Common UI (CUI)",
"version": {
"version_data": [
{
"platform": "x86",
"version_name": "2.0.2",
"version_value": "2.0.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "External Entity Attack vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
}
]
},
"source": {
"advisory": "SB10236",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6670",
"datePublished": "2018-06-07T18:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:11.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6670 (GCVE-0-2018-6670)
Vulnerability from nvd – Published: 2018-06-07 18:00 – Updated: 2024-08-05 06:10
VLAI
EPSS
VEX
Title
External Entity Attack vulnerability in McAfee Common UI (CUI)
Summary
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
Severity
7.6 (High)
CWE
- External Entity Attack vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | Common UI (CUI) |
Affected:
2.0.2
|
Date Public
2018-05-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Common UI (CUI)",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "2.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
}
],
"datePublic": "2018-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "External Entity Attack vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T17:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
}
],
"source": {
"advisory": "SB10236",
"discovery": "EXTERNAL"
},
"title": "External Entity Attack vulnerability in McAfee Common UI (CUI)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6670",
"STATE": "PUBLIC",
"TITLE": "External Entity Attack vulnerability in McAfee Common UI (CUI)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Common UI (CUI)",
"version": {
"version_data": [
{
"platform": "x86",
"version_name": "2.0.2",
"version_value": "2.0.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits \u0141ukasz Juszczyk from ING Business Shared Services B.V. for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "External Entity Attack vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10236"
}
]
},
"source": {
"advisory": "SB10236",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6670",
"datePublished": "2018-06-07T18:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:11.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}