CVE-2019-3632

Name of the Vulnerable Software and Affected Versions McAfee Enterprise Security Manager versions prior to 11.2.0 McAfee Enterprise Security Manager versions prior to 10.4.0

Description The issue is related to a Directory Traversal vulnerability. It allows an authenticated user to gain elevated privileges via specially crafted input. The vulnerability exists due to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to elevate their privileges.

Recommendations For versions prior to 11.2.0, update to version 11.2.0 or later to resolve the issue. For versions prior to 10.4.0, update to version 10.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.