cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-1254,https://securityvulnerability.io/vulnerability/CVE-2022-1254,SWG URL redirection vulnerability,"A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.","McAfee,LLC",Secure Web Gateway,6.1,MEDIUM,0.0012400000123307109,false,,false,false,false,,,false,false,,2022-04-20T13:00:17.000Z,0
CVE-2021-23885,https://securityvulnerability.io/vulnerability/CVE-2021-23885,Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI,Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.,"Mcafee,llc",Mcafee Web Gateway (mwg),9,CRITICAL,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-02-17T09:20:14.000Z,0
CVE-2020-7297,https://securityvulnerability.io/vulnerability/CVE-2020-7297,Web Gateway (MWG) - Privilege Escalation vulnerability,Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.,Mcafee,Mcafee Web Gateway (mwg),5.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-16T00:15:00.000Z,0
CVE-2020-7294,https://securityvulnerability.io/vulnerability/CVE-2020-7294,Web Gateway (MWG) - Privilege Escalation vulnerability,Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.,Mcafee,Mcafee Web Gateway (mwg),4.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-15T23:15:00.000Z,0
CVE-2020-7293,https://securityvulnerability.io/vulnerability/CVE-2020-7293,Web Gateway (MWG) - Privilege Escalation vulnerability,Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface.,Mcafee,Mcafee Web Gateway (mwg),9,CRITICAL,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-15T23:15:00.000Z,0
CVE-2020-7295,https://securityvulnerability.io/vulnerability/CVE-2020-7295,Web Gateway (MWG) - Privilege Escalation vulnerability,Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.,Mcafee,Mcafee Web Gateway (mwg),3.5,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-15T23:15:00.000Z,0
CVE-2020-7296,https://securityvulnerability.io/vulnerability/CVE-2020-7296,Web Gateway (MWG) - Privilege Escalation vulnerability,Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.,Mcafee,Mcafee Web Gateway (mwg),5.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-15T23:15:00.000Z,0
CVE-2020-7292,https://securityvulnerability.io/vulnerability/CVE-2020-7292,Web Gateway (MWG) - Inappropriate Encoding for output context,Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.,Mcafee,Mcafee Web Gateway (mwg),4.3,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2020-07-15T14:50:14.000Z,0
CVE-2019-3638,https://securityvulnerability.io/vulnerability/CVE-2019-3638,Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability,Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.,Mcafee,Web Gateway(mwg),8.1,HIGH,0.006810000166296959,false,,false,false,false,,,false,false,,2019-09-12T15:14:29.000Z,0
CVE-2019-3644,https://securityvulnerability.io/vulnerability/CVE-2019-3644,MWG scanners updated to address CVE-2019-9517,"McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.","Mcafee, Llc",Mcafee Web Gateway (mwg),7.5,HIGH,0.0021699999924749136,false,,false,false,false,,,false,false,,2019-09-11T14:08:37.000Z,0
CVE-2019-3643,https://securityvulnerability.io/vulnerability/CVE-2019-3643,MWG scanners updated to address CVE-2019-9511,"McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.","Mcafee, Llc",Mcafee Web Gateway (mwg),5.3,MEDIUM,0.0021699999924749136,false,,false,false,false,,,false,false,,2019-09-11T14:08:19.000Z,0
CVE-2019-3639,https://securityvulnerability.io/vulnerability/CVE-2019-3639," MWG UI: Cross-Frame Scripting vulnerability",Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.,"Mcafee, Llc",Mcafee Web Gateway (mwg),7.1,HIGH,0.004110000096261501,false,,false,false,false,,,false,false,,2019-08-14T16:20:39.000Z,0
CVE-2019-3635,https://securityvulnerability.io/vulnerability/CVE-2019-3635,MWG Proxy: Cross-Frame Scripting vulnerability,Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.,"Mcafee, Llc",Mcafee Web Gateway (mwg),4.3,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2019-08-14T16:18:50.000Z,0
CVE-2019-3581,https://securityvulnerability.io/vulnerability/CVE-2019-3581,McAfee Web Gateway denial of service attack due to Improper Input Validation,Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.,Mcafee,Mcafee Web Gateway,7.5,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2019-01-09T14:00:00.000Z,0
CVE-2018-6678,https://securityvulnerability.io/vulnerability/CVE-2018-6678,McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability,Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.,Mcafee,Mcafee Web Gateway (mwg),3.4,LOW,0.0008399999933317304,false,,false,false,false,,,false,false,,2018-07-23T13:00:00.000Z,0
CVE-2018-6677,https://securityvulnerability.io/vulnerability/CVE-2018-6677,McAfee Web Gateway (MWG) - Directory Traversal vulnerability,Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.,Mcafee,Mcafee Web Gateway (mwg),7.6,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2018-07-23T13:00:00.000Z,0
CVE-2018-6667,https://securityvulnerability.io/vulnerability/CVE-2018-6667,McAfee Web Gateway - Authentication Bypass vulnerability,Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).,Mcafee,Web Gateway,10,CRITICAL,0.03043000027537346,false,,false,false,false,,,false,false,,2018-06-26T17:00:00.000Z,0
CVE-2014-6064,https://securityvulnerability.io/vulnerability/CVE-2014-6064,,The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors.,Mcafee,Web Gateway,,,0.0017099999822676182,false,,false,false,false,,,false,false,,2014-09-02T14:00:00.000Z,0
CVE-2014-2535,https://securityvulnerability.io/vulnerability/CVE-2014-2535,,"Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.",Mcafee,Web Gateway,,,0.001550000044517219,false,,false,false,false,,,false,false,,2014-03-18T14:00:00.000Z,0
CVE-2012-4581,https://securityvulnerability.io/vulnerability/CVE-2012-4581,,"McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a ""Logout Failure"" issue.",Mcafee,"Email And Web Security,Email Gateway",,,0.004149999935179949,false,,false,false,false,,,false,false,,2012-08-22T10:42:00.000Z,0
CVE-2012-4580,https://securityvulnerability.io/vulnerability/CVE-2012-4580,,"Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.",Mcafee,"Email And Web Security,Email Gateway",,,0.0012199999764561653,false,,false,false,false,,,false,false,,2012-08-22T10:42:00.000Z,0
CVE-2012-4586,https://securityvulnerability.io/vulnerability/CVE-2012-4586,,"McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.",Mcafee,"Email And Web Security,Email Gateway",,,0.00107999995816499,false,,false,false,false,,,false,false,,2012-08-22T10:42:00.000Z,0
CVE-2012-4585,https://securityvulnerability.io/vulnerability/CVE-2012-4585,,"McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.",Mcafee,"Email And Web Security,Email Gateway",,,0.0011599999852478504,false,,false,false,false,,,false,false,,2012-08-22T10:00:00.000Z,0
CVE-2012-4595,https://securityvulnerability.io/vulnerability/CVE-2012-4595,,"McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.",Mcafee,"Email And Web Security,Email Gateway",,,0.006240000016987324,false,,false,false,false,,,false,false,,2012-08-22T10:00:00.000Z,0
CVE-2012-4582,https://securityvulnerability.io/vulnerability/CVE-2012-4582,,"McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.",Mcafee,"Email And Web Security,Email Gateway",,,0.0011599999852478504,false,,false,false,false,,,false,false,,2012-08-22T10:00:00.000Z,0