CVE-2019-3640 — MEDIUM (4.8)

Q: How severe is CVE-2019-3640?

CVE-2019-3640 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3640?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Data Loss Prevention.

Vulnerability Description

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mcafee	Data Loss Prevention	>= 11.0.0, <= 11.4.0

Related Weaknesses (CWE)

CWE-319

References

FAQ

What is CVE-2019-3640?

CVE-2019-3640 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server...

How severe is CVE-2019-3640?

CVE-2019-3640 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3640?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Data Loss Prevention.