Vulnerabilities for Application and change control (...) - CXSECURITY.COM

Vulnerabilities for 'Application and change control'

2022-01-04

CVE-2021-31833

CWE-269

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.

2020-10-15

CVE-2020-7334

CWE-269

Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.

2020-08-26

CVE-2020-7309

CWE-79

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

2020-03-26

CVE-2020-7260

CWE-426

DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.

2018-09-18

CVE-2017-3912

CWE-287

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.

>>> Vendor: Mcafee 136 Products

Remote desktop 32

Epolicy orchestrator

Entercept agent

Antivirus engine

Security installer control system

Internet security suite

Intrushield security management system

Virusscan security center

Common management agent

Virusscan enterprise

Epolicy orchestrator agent

Personal firewall plus

Privacy service

Security center

Wireless home network security

Protectionpilot

E-business server

Securitycenter agent

Mcafee framework

Encrypted usb manager

Safeboot device encryption

Active virus defense

Active virusscan

Securityshield for email servers

Securityshield for microsoft isa server

Securityshield for microsoft sharepoint

Total protection

Total protection for endpoint

Virusscan commandline

Email and web security appliance

Intrushield network security manager

Unified threat management firewall firmware

Saas endpoint protection

Host data loss prevention

Firewall reporter

Email and web security

Enterprise mobility manager

Enterprise mobility manager agent

Application control

Mcafee virtual technician

Epo mcafee virtual technician

Total protection 2010

Vulnerability manager

Cloud identity manager

Cloud single sign on

Network security manager

Network data loss prevention

Endpoint encryption for files and folders

Mcafee file and removable media protection

File and removable media protection

Data loss prevention endpoint

Advanced threat defense

Epo deep command

Threat intelligence exchange

Enterprise security manager

Enterprise security manager/log manager

Enterprise security manager/receiver

Mcafee enterprise security manager

Active response

Data exchange layer

Endpoint security

Host intrusion prevention

Smartfilter administration

Security information and event management

Security scan plus

Host intrusion prevention services

Cloud analysis and deconstructive services

Security webadvisor

Saas control console platform

See all Products for Vendor Mcafee

Copyright 2024, cxsecurity.com