PT-2019-16647 · Mcafee · Mcafee Web Advisor

Published

2019-12-03

Updated

2019-12-12

CVE-2019-3666

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions McAfee Web Advisor versions prior to 4.1.1.48

Description The issue concerns an API Abuse/Misuse vulnerability in the web interface. This allows a remote unauthenticated attacker to bypass restrictions and navigate to restricted websites via a carefully crafted website.

Recommendations For versions prior to 4.1.1.48, update to version 4.1.1.48 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-3666

Affected Products

Mcafee Web Advisor

PT-2019-16647 · Mcafee · Mcafee Web Advisor

CVE-2019-3666

Related Identifiers

Affected Products

References · 3