VYPR

Web Gateway

by McAfee

CVEs (31)

  • CVE-2020-7293Sep 15, 2020
    risk 0.00cvss epss 0.01

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.

  • CVE-2020-7292Jul 15, 2020
    risk 0.00cvss epss 0.01

    Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

  • CVE-2019-3638Sep 12, 2019
    risk 0.00cvss epss 0.02

    Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to…

  • CVE-2019-3644Sep 11, 2019
    risk 0.00cvss epss 0.02

    McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

  • CVE-2019-3643Sep 11, 2019
    risk 0.00cvss epss 0.02

    McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.

  • CVE-2019-3639Aug 14, 2019
    risk 0.00cvss epss 0.01

    Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.

  • CVE-2019-3635Aug 14, 2019
    risk 0.00cvss epss 0.01

    Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.

  • CVE-2019-3581Jan 9, 2019
    risk 0.00cvss epss 0.02

    Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.

  • CVE-2014-6064Sep 2, 2014
    risk 0.00cvss epss 0.01

    The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors.

  • CVE-2014-2535Mar 18, 2014
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.

  • CVE-2012-2212Apr 28, 2012
    risk 0.00cvss epss 0.01

    McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details…

Page 2 of 2