Vendor scorecard
Trellix/McAfee
Trellix/McAfee security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: trellix, mcafee
Product families
2
Open in latest
38
Inferred — see methodology
Last disclosure
Apr 20, 2022
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Network Security / IPSNGFW / Network Security · Network Detection / IDS-IPSnetwork_security_manager, network_security_platform, intrusion_prevention_system | 1 | 14 | 7.1\(7\)e4MED | ||
| Web/Email GatewayNGFW / Network Securityweb_gateway, email_gateway | 1 | 24 | 7.6.406MED |
02
Recent CVEs
3 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2022-1254(opens NVD record) | Medium | 6.1 | A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. | Apr 20, 2022 |
| CVE-2021-45105(opens NVD record) | Medium | 5.9 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | Dec 18, 2021 |
| CVE-2021-4038(opens NVD record) | Medium | 4.8 | Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. | Dec 9, 2021 |
2 CVEs · 2 product families