PT-2019-16637 · Mcafee · Mcafee Database Security

Published

2019-03-12

Updated

2020-08-24

CVE-2019-3615

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Database Security versions prior to 4.6.6

Description The issue allows local users to expose passwords via incorrectly auto-completing password fields in the admin browser login screen. This occurs due to a Data Leakage Attacks vulnerability in the web interface.

Recommendations For versions prior to 4.6.6, update to version 4.6.6 or later to resolve the issue. As a temporary workaround, consider disabling the auto-complete feature for password fields in the admin browser login screen until the update is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2019-3615

Affected Products

Mcafee Database Security

PT-2019-16637 · Mcafee · Mcafee Database Security

CVE-2019-3615

Weakness Enumeration

Related Identifiers

Affected Products

References · 4