Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-23884

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

Published

2021-04-15T08:15:14.510

Last Modified

2024-11-21T05:52:00.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

5.1

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-319
Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	content_security_reporter	< 2.8.0	Yes

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10353 Broken Link ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10353 Broken Link (af854a3a-2127-422b-91ae-364da2661108)