RSS   Vulnerabilities for 'Web gateway'   RSS

2021-02-17
 
CVE-2021-23885

CWE-269
 

 
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

 
2020-09-16
 
CVE-2020-7297

CWE-287
 

 
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.

 
2020-09-15
 
CVE-2020-7296

CWE-287
 

 
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.

 
 
CVE-2020-7295

CWE-287
 

 
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.

 
 
CVE-2020-7294

CWE-287
 

 
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.

 
 
CVE-2020-7293

CWE-287
 

 
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.

 
2020-07-15
 
CVE-2020-7292

CWE-116
 

 
Inappropriate Encoding for output context in McAfee Web Gateway (MWG) prior to 9.2.1 allows remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

 
2019-09-12
 
CVE-2019-3638

CWE-79
 

 
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

 
2019-09-11
 
CVE-2019-3644

CWE-20
 

 
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

 
 
CVE-2019-3643

CWE-20
 

 
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.

 


Copyright 2021, cxsecurity.com

 

Back to Top