CVE-2020-7270 is a vulnerability in McAfee Advanced Threat Defense
Published on April 15, 2021

Sensitive Information Exposure in McAfee ATD
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2020-7270 has been classified to as an Information Disclosure vulnerability or weakness.

Products Associated with CVE-2020-7270

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-7270 are published in McAfee Advanced Threat Defense:

McAfee Advanced Threat Defense

Affected Versions

McAfee,LLC McAfee Advanced Threat Defense (ATD):

Version unspecified and below 4.12.2 is affected.

Exploit Probability

EPSS

0.18%

Percentile

38.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.