CVE Vulnerabilities

CVE-2021-23884

Cleartext Transmission of Sensitive Information

Published: Apr 15, 2021 | Modified: Apr 21, 2021
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
2.7 LOW
AV:A/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

Weakness

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name Vendor Start Version End Version
Content_security_reporter Mcafee * *

Potential Mitigations

References