PT-2019-4112 · McAfee · McAfee Advanced Threat Defense

Published: 2019-11-13 · Updated: 2021-07-21 · CVE-2019-3651

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: McAfee Advanced Threat Defense versions prior to 4.8

Description: The issue allows remote authenticated attackers to gain access to ePO as an administrator by using the atduser credentials, which were too permissive. It is related to an information disclosure vulnerability and a lack of protection for service data, which can allow an attacker to obtain unauthorized access to protected information.

Recommendations: For versions prior to 4.8, update to version 4.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the atduser credentials to minimize the risk of exploitation.

Fix

Information Disclosure

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2019-04683
CVE-2019-3651

Affected Products

McAfee Advanced Threat Defense