CVE-2019-3660

Name of the Vulnerable Software and Affected Versions McAfee Advanced Threat Defense versions prior to 4.8

Description The issue is related to improper neutralization of HTTP requests, allowing a remote authenticated attacker to execute commands on the server via carefully constructed HTTP requests. This can enable an attacker to perform arbitrary commands by sending specially formed HTTP requests.

Recommendations For versions prior to 4.8, update to version 4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request handling mechanism to minimize the risk of exploitation.