Cleartext Storage of Sensitive Information

CVE-2019-3606

High

7.7/10

Summary

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

Advisory Timeline

Published Mar 26, 2019

Cleartext Storage of Sensitive Information

CVE-2019-3606

Summary

CWE-312 - Cleartext Storage of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS