Details of VAR-201908-0077

ID

VAR-201908-0077

CVE

CVE-2019-3639

TITLE

McAfee Web Gateway Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008570

DESCRIPTION

Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. McAfee Web Gateway (MWG) Contains an input validation vulnerability.Information may be obtained and information may be altered. The product provides features such as threat protection, application control, and data loss prevention. McAfee MWG 7.8.2.x prior to MWG 7.8.2.12 has a security vulnerability in the administrator web console. Attackers can use this vulnerability to hijack click operations by means of specially crafted web pages with iframe tags

Trust: 1.71

sources: NVD: CVE-2019-3639 // JVNDB: JVNDB-2019-008570 // VULHUB: VHN-155074

AFFECTED PRODUCTS

vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.12	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.2.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8.2.12	Trust: 0.8
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.x	Trust: 0.8

sources: JVNDB: JVNDB-2019-008570 // NVD: CVE-2019-3639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3639
value:	HIGH
Trust: 1.0
trellixpsirt@trellix.com:	CVE-2019-3639
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-3639
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-1074
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155074
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-3639
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-155074
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3639
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-155074 // JVNDB: JVNDB-2019-008570 // CNNVD: CNNVD-201908-1074 // NVD: CVE-2019-3639 // NVD: CVE-2019-3639

PROBLEMTYPE DATA

problemtype:	CWE-1021	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-155074 // JVNDB: JVNDB-2019-008570 // NVD: CVE-2019-3639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1074

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1074

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008570

PATCH

title:	SB10293	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10293	Trust: 0.8
title:	McAfee Web Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96747	Trust: 0.6

sources: JVNDB: JVNDB-2019-008570 // CNNVD: CNNVD-201908-1074

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3639	Trust: 2.5
db:	MCAFEE	id:	SB10293	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-008570	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1074	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3126	Trust: 0.6
db:	CNVD	id:	CNVD-2020-17036	Trust: 0.1
db:	VULHUB	id:	VHN-155074	Trust: 0.1

sources: VULHUB: VHN-155074 // JVNDB: JVNDB-2019-008570 // CNNVD: CNNVD-201908-1074 // NVD: CVE-2019-3639

REFERENCES

url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10293	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3639	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3639	Trust: 0.8
url:	https://vigilance.fr/vulnerability/mcafee-web-gateway-two-vulnerabilities-30049	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3126/	Trust: 0.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10293	Trust: 0.1

sources: VULHUB: VHN-155074 // JVNDB: JVNDB-2019-008570 // CNNVD: CNNVD-201908-1074 // NVD: CVE-2019-3639

SOURCES

db:	VULHUB	id:	VHN-155074
db:	JVNDB	id:	JVNDB-2019-008570
db:	CNNVD	id:	CNNVD-201908-1074
db:	NVD	id:	CVE-2019-3639

LAST UPDATE DATE

2024-11-23T22:51:42.376000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-155074	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-008570	date:	2019-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201908-1074	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-3639	date:	2024-11-21T04:42:16.840

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-155074	date:	2019-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-008570	date:	2019-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201908-1074	date:	2019-08-14T00:00:00
db:	NVD	id:	CVE-2019-3639	date:	2019-08-14T17:15:11.503