PT-2019-4249 · McAfee · McAfee Advanced Threat Defense

Published 2019-11-12 · Updated 2019-11-15 · CVE-2019-3662

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

McAfee Advanced Threat Defense versions prior to 4.8

Description

The issue allows a remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. This is due to incorrect restriction of the pathname to a directory with limited access. The vulnerability can be exploited by sending specially formed HTTP requests, potentially giving an attacker access to files in the local file system.

Recommendations

For versions prior to 4.8, update to version 4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using the /absolute/pathname/here endpoint in HTTP requests until the issue is resolved.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2019-04850
CVE-2019-3662

Affected Products

McAfee Advanced Threat Defense