Vulnerabilites related to McAfee, LLC - True Key (TK)
CVE-2019-3610 (GCVE-0-2019-3610)
Vulnerability from cvelistv5
Published
2019-02-13 17:00
Modified
2024-09-16 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Data Leakage Attacks vulnerability
Summary
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107217 | vdb-entry, x_refsource_BID | |
| https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | True Key (TK) |
Version: 3.1 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Chrome, Edge and Firefox"
],
"product": "True Key (TK)",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "3.1.9211.0",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "107217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2019-02-13T15:00:00.000Z",
"ID": "CVE-2019-3610",
"STATE": "PUBLIC",
"TITLE": "True Key Browser Extension 3.1.9219.0 update fixes Sensitive Data Exposure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Key (TK)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "Chrome, Edge and Firefox",
"version_affected": "\u003c=",
"version_name": "3.1",
"version_value": "3.1.9211.0"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107217"
},
{
"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889",
"refsource": "CONFIRM",
"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3610",
"datePublished": "2019-02-13T17:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:24:29.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}