CVE-2019-3638 HIGH

CVE-2019-3638: Web Gateway (MWG) - Reflected Cross Site Scripting vulnerability

Vendor Mcafee
Product Web Gateway(MWG)
Published September 12, 2019
Last update August 4, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

Key dates

02Disclosure timeline

September 12, 2019 CVE published
August 4, 2024 Record updated