Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee agent vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-3338
An External XML entity (XXE) vulnerability in ePO before 5.10 Update 14 can lead to an unauthenticated remote malicious user to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully con...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
6.5
CVSSv3
CVE-2022-2330
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows before 11.9.100 allows a remote malicious user to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML f...
Mcafee Data Loss Prevention Endpoint
7.3
CVSSv3
CVE-2022-2313
A DLL hijacking vulnerability in the MA Smart Installer for Windows before 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.
Mcafee Agent
7.8
CVSSv3
CVE-2022-1256
A local privilege escalation vulnerability in MA for Windows before 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges ...
Mcafee Agent
5.5
CVSSv3
CVE-2022-1257
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows before 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
Mcafee Agent
7.2
CVSSv3
CVE-2022-1258
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA before 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
Mcafee Agent
7.8
CVSSv3
CVE-2021-31854
A command Injection Vulnerability in McAfee Agent (MA) for Windows before 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature...
Mcafee Agent
7.8
CVSSv3
CVE-2022-0166
A privilege escalation vulnerability in the McAfee Agent before 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and execute...
Mcafee Agent
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1182 Github repositories
28 Articles
7.1
CVSSv3
CVE-2021-31836
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows before 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
Mcafee Mcafee Agent
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »