CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-23885

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile2.61th
Published2021年2月17日
Last Modified2024年11月21日

Vulnerability Description

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

Affected Platforms (CPE)

📦
Mcafee

Web Gateway

< 8.2.17
📦
Mcafee

Web Gateway

>= 9.2 and < 9.2.8
📦
Mcafee

Web Gateway

>= 10.0 and < 10.0.4

References & Advisories

🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10349
🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10349

関連する脆弱性情報

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2020-202110.0

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option i...

CVE-2018-666710.0

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remo...

CVE-2010-473310.0

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom N...