{"api_version":"1","generated_at":"2026-04-22T22:49:22+00:00","cve":"CVE-2019-3651","urls":{"html":"https://cve.report/CVE-2019-3651","api":"https://cve.report/api/cve/CVE-2019-3651.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-3651","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-3651"},"summary":{"title":"CVE-2019-3651","description":"Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.","state":"PUBLIC","assigner":"psirt@mcafee.com","published_at":"2019-11-13 23:15:00","updated_at":"2023-11-07 03:10:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10304","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10304","refsource":"MISC","tags":["Vendor Advisory"],"title":"McAfee Security Bulletin - Advanced Threat Defense update fixes seven vulnerabilities (CVE-2019-3649, CVE-2019-3650, CVE-2019-3651, CVE-2019-3660, CVE-2019-3661, CVE-2019-3662, and CVE-2019-3663)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-3651","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3651","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"3651","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"advanced_threat_defense","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3651","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"advanced_threat_defense","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","ID":"CVE-2019-3651","STATE":"PUBLIC","TITLE":"Advanced Threat Defense (ATD) - Information Disclosure vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Advanced Threat Defense (ATD)","version":{"version_data":[{"version_affected":"<","version_value":"4.8"}]}}]},"vendor_name":"McAfee"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure vulnerability"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10304","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10304"}]},"source":{"advisory":"SB10304","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2019-11-13 23:15:00","lastModifiedDate":"2023-11-07 03:10:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:advanced_threat_defense:*:*:*:*:*:*:*:*","versionEndExcluding":"4.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"3651","Ordinal":"141259","Title":"CVE-2019-3651","CVE":"CVE-2019-3651","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"3651","Ordinal":"1","NoteData":"Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"3651","Ordinal":"2","NoteData":"2019-11-13","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"3651","Ordinal":"3","NoteData":"2019-11-14","Type":"Other","Title":"Modified"}]}}}