CVE-2019-3638

Name of the Vulnerable Software and Affected Versions McAfee Web Gateway versions 7.8.x prior to 7.8.2.13

Description The issue allows remote attackers to collect sensitive information or execute commands with the administrator's credentials by tricking the administrator into clicking on a malicious link. This is a Reflected Cross Site Scripting vulnerability in the Administrators web console.

Recommendations For McAfee Web Gateway versions 7.8.x prior to 7.8.2.13, update to version 7.8.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the Administrators web console to minimize the risk of exploitation. Avoid clicking on suspicious links, especially those that may be constructed to exploit this vulnerability.