CVE-2019-3619 - OpenCVE

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Epolicy Orchestrator

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:::::::*
	cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:::::::*
	cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:::::::*
	cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1::::::
	cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2::::::
	cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/109066
https://kc.mcafee.com/corporate/index?page=content&id=SB10286

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2019-07-03T13:40:04

Updated: 2024-08-04T19:12:09.665Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3619

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-03T14:15:10.450

Modified: 2023-11-07T03:10:01.380

Link: CVE-2019-3619

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee ePolicy Orchestrator (ePO)", "vendor": "McAfee, LLC", "versions": [{"lessThan": "5.10.0 Update 4", "status": "affected", "version": "5.9.x and 5.10.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Information disclosure vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-09T15:06:04", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10286"}, {"name": "109066", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109066"}], "source": {"defect": ["McAfee", "ePO", "Agent", "Handler", "does", "not", "always", "enforce", "TLS"], "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2019-3619", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee ePolicy Orchestrator (ePO)", "version": {"version_data": [{"version_affected": "<", "version_name": "5.9.x and 5.10.0", "version_value": "5.10.0 Update 4"}]}}]}, "vendor_name": "McAfee, LLC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10286", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10286"}, {"name": "109066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109066"}]}, "source": {"defect": ["McAfee", "ePO", "Agent", "Handler", "does", "not", "always", "enforce", "TLS"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.665Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10286"}, {"name": "109066", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109066"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2019-3619", "datePublished": "2019-07-03T13:40:04", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:12:09.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBE158C6-F59B-47CB-B525-B2F33BAD32F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server."}, {"lang": "es", "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el administrador de agentes en McAfee ePolicy Orchestrator (ePO) versi\u00f3n 5.9.x y 5.10.0 anterior a la versi\u00f3n 5.10.0 La actualizaci\u00f3n 4 permite que un atacante remoto no autenticado vea informaci\u00f3n confidencial en texto sin formato mediante el rastreo del tr\u00e1fico entre el administrador de agentes y el SQL servidor."}], "id": "CVE-2019-3619", "lastModified": "2023-11-07T03:10:01.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2019-07-03T14:15:10.450", "references": [{"source": "trellixpsirt@trellix.com", "url": "http://www.securityfocus.com/bid/109066"}, {"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10286"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}