Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
This signature spoofing by mixing signed and unsigned content vulnerability has been classified with a low base score of 2.7, a low impact score of 2.9 and a medium exploitability score of 5.1.
The economic impact provides a custom overview of the affected areas by this vulnerability. If there is a higher amount of predicted attacks, there is a higher probability to be affected by this vulnerability in this particular region.
Common Attack Pattern Enumeration and Classification (CAPEC) is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to deepen community understanding and enhance protection. The vulnerability has been classificated in 8 categories.
CPE is a structured naming scheme for information technology systems, software, and packages. Based on a common Uniform Resource Identifier (URI) syntax, CPE includes a formal naming format, a method for validating system names, and a description format for attaching text and tests to the name.