Skip to main content

Enterprise Security Manager

17 CVEs product

Monthly

CVE-2024-11482 CRITICAL POC Act Now

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-11481 HIGH This Week

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-6071 HIGH This Week

An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-6070 MEDIUM This Month

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Enterprise Security Manager
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-3314 HIGH This Week

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3313 HIGH This Week

An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-3644 HIGH This Week

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Active Response Advanced Threat Defense Enterprise Security Manager Web Gateway
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-3643 HIGH This Week

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Active Response Advanced Threat Defense Enterprise Security Manager Web Gateway
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-3632 HIGH This Week

Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-3631 HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3630 HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-3629 MEDIUM This Month

Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Security Manager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-3628 HIGH This Week

Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2015-7704 HIGH Act Now

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.9% and no vendor patch available.

Denial Of Service Ntp Debian Linux Oncommand Performance Manager Oncommand Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2016-1992 MEDIUM PATCH This Month

HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Enterprise Security Manager Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-7310 MEDIUM This Month

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Security Manager Enterprise Security Manager Log Manager Enterprise Security Manager Receiver
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2012-4350 HIGH This Week

Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Enterprise Security Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Enterprise Security Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Security Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Enterprise Security Manager
NVD
EPSS 2% CVSS 7.5
HIGH This Week

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Active Response Advanced Threat Defense +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Active Response Advanced Threat Defense +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Security Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Security Manager
NVD
EPSS 14% CVSS 7.5
HIGH Act Now

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.9% and no vendor patch available.

Denial Of Service Ntp Debian Linux +12
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Enterprise Security Manager Enterprise Security Manager Express
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Security Manager Enterprise Security Manager Log Manager +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Enterprise Security Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy