Home/Product/mcafee enterprise security manager
Product

mcafee enterprise security manager

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-11482
all versions
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution thr
9.8CRITICAL
 CVE-2024-11481
all versions
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of p
8.2HIGH
 CVE-2023-6071
< 11.6.9
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote admi
8.4HIGH
 CVE-2023-6070
< 11.6.8
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload ar
4.3MEDIUM
 CVE-2023-3314
< 11.6.7
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of
8.1HIGH
 CVE-2023-3313
< 11.6.7
An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have
7.8HIGH
 CVE-2019-3644
all versions
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to
7.5HIGH
 CVE-2019-3643
all versions
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to
5.3MEDIUM
 CVE-2019-3632
< 10.4.0
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authentic
8.8HIGH
 CVE-2019-3631
< 10.4.0
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticat
7.2HIGH
 CVE-2019-3630
< 10.4.0
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticat
7.2HIGH
 CVE-2019-3629
< 10.4.0
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows
6.5MEDIUM
 CVE-2019-3628
>= 11.0.0 and < 11.2.0
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to
8.8HIGH
 CVE-2015-7704
< 10.4.0
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a numbe
7.5HIGH
 CVE-2016-1992
<= 6.8
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive informa
6.5MEDIUM
 CVE-2015-7310
<= 9.3.2
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receive
 CVE-2012-4350
<= 10.0
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security
 CVE-2007-2896
all versions
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remot
 CVE-2007-2375
all versions
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity
 CVE-2006-4314
all versions
The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin