Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    38 vulnerabilities found for network_security_manager by mcafee

    CVE-2021-4038 (GCVE-0-2021-4038)

    Vulnerability from nvd – Published: 2021-12-09 15:55 – Updated: 2024-08-03 17:16
    VLAI
    Title
    NSM vulnerable to XSS
    Summary
    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee,LLC McAfee Network Security Manager (NSM) Affected: unspecified , < 10.7 M7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:03.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee,LLC",
              "versions": [
                {
                  "lessThan": "10.7 M7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-09T15:55:17.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NSM vulnerable to XSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2021-4038",
              "STATE": "PUBLIC",
              "TITLE": "NSM vulnerable to XSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "10.7 M7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee,LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2021-4038",
        "datePublished": "2021-12-09T15:55:17.000Z",
        "dateReserved": "2021-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:03.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7256 (GCVE-0-2020-7256)

    Vulnerability from nvd – Published: 2020-03-18 21:05 – Updated: 2024-08-04 09:25
    VLAI
    Title
    Network Security Management (NSM) - Cross site scripting vulnerability
    Summary
    Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: unspecified , < 9.1 update 6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "9.1 update 6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T21:05:23.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
            }
          ],
          "source": {
            "advisory": "SB10310",
            "discovery": "EXTERNAL"
          },
          "title": "Network Security Management (NSM) - Cross site scripting vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2020-7256",
              "STATE": "PUBLIC",
              "TITLE": "Network Security Management (NSM) - Cross site scripting vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.1 update 6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310",
                  "refsource": "MISC",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
                }
              ]
            },
            "source": {
              "advisory": "SB10310",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7256",
        "datePublished": "2020-03-18T21:05:23.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:25:48.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7258 (GCVE-0-2020-7258)

    Vulnerability from nvd – Published: 2020-03-18 21:05 – Updated: 2024-08-04 09:25
    VLAI
    Title
    Network Security Management (NSM) - Cross site scripting vulnerability
    Summary
    Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: unspecified , < 9.1 update 6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "9.1 update 6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T21:05:15.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
            }
          ],
          "source": {
            "advisory": "SB10310",
            "discovery": "EXTERNAL"
          },
          "title": "Network Security Management (NSM) - Cross site scripting vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2020-7258",
              "STATE": "PUBLIC",
              "TITLE": "Network Security Management (NSM) - Cross site scripting vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.1 update 6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310",
                  "refsource": "MISC",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
                }
              ]
            },
            "source": {
              "advisory": "SB10310",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7258",
        "datePublished": "2020-03-18T21:05:15.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:25:48.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3602 (GCVE-0-2019-3602)

    Vulnerability from nvd – Published: 2019-05-15 15:47 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Cross site scripting vulnerability in McAfee NSM impacting authenticated users
    Summary
    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
    CWE
    • Cross Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee, LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1 update 5 (9.1.7.77) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281"
              },
              {
                "name": "108400",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThan": "9.1 update 5 (9.1.7.77)",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-21T14:06:08.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281"
            },
            {
              "name": "108400",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108400"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cross site scripting vulnerability in McAfee NSM impacting authenticated users",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3602",
              "STATE": "PUBLIC",
              "TITLE": "Cross site scripting vulnerability in McAfee NSM impacting authenticated users"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1 update 5 (9.1.7.77)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281"
                },
                {
                  "name": "108400",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108400"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3602",
        "datePublished": "2019-05-15T15:47:03.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3606 (GCVE-0-2019-3606)

    Vulnerability from nvd – Published: 2019-03-26 17:23 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
    Summary
    Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
    CWE
    • Data Leakage Attacks vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75 (91.update 4) (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
              },
              {
                "name": "107613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107613"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75 (91.update 4)",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Leakage Attacks vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-29T07:06:06.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
            },
            {
              "name": "107613",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107613"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3606",
              "STATE": "PUBLIC",
              "TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75 (91.update 4)"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Leakage Attacks vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
                },
                {
                  "name": "107613",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107613"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3606",
        "datePublished": "2019-03-26T17:23:48.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3597 (GCVE-0-2019-3597)

    Vulnerability from nvd – Published: 2019-03-26 17:21 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Authentication bypass in McAfee Network Security Manager 9.x
    Summary
    Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
    CWE
    • Authentication Bypass vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75.2 (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
              },
              {
                "name": "107609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107609"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75.2",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-28T12:06:05.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
            },
            {
              "name": "107609",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107609"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authentication bypass in McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3597",
              "STATE": "PUBLIC",
              "TITLE": "Authentication bypass in McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
                },
                {
                  "name": "107609",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107609"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3597",
        "datePublished": "2019-03-26T17:21:31.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6681 (GCVE-0-2018-6681)

    Vulnerability from nvd – Published: 2018-07-17 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability
    Summary
    Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
    CWE
    • Abuse of Functionality vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 9.1.7.11 , ≤ 9.1.7.11 (custom)
    Create a notification for this product.
    Date Public
    2018-07-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "9.1.7.11",
                  "status": "affected",
                  "version": "9.1.7.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Abuse of Functionality vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-17T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6681",
              "STATE": "PUBLIC",
              "TITLE": "SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "9.1.7.11",
                                "version_value": "9.1.7.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Abuse of Functionality vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6681",
        "datePublished": "2018-07-17T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3968 (GCVE-0-2017-3968)

    Vulnerability from nvd – Published: 2018-06-13 20:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability
    Summary
    Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.
    CWE
    • Session fixation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    McAfee Network Data Loss Prevention (NDLP) Affected: 9.3 , < 9.3.4.1.5 Hotfix 1201697_47868 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Data Loss Prevention (NDLP)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "9.3.4.1.5 Hotfix 1201697_47868",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Session fixation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-13T19:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3968",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Network Data Loss Prevention (NDLP)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "9.3",
                                "version_value": "9.3.4.1.5 Hotfix 1201697_47868"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Session fixation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3968",
        "datePublished": "2018-06-13T20:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3960 (GCVE-0-2017-3960)

    Vulnerability from nvd – Published: 2018-06-12 14:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability
    Summary
    Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
    CWE
    • Exploitation of Authorization vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exploitation of Authorization vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-12T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "UNKNOWN"
          },
          "title": "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3960",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exploitation of Authorization vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3960",
        "datePublished": "2018-06-12T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3962 (GCVE-0-2017-3962)

    Vulnerability from nvd – Published: 2018-06-12 14:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability
    Summary
    Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.
    CWE
    • Password recovery exploitation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Password recovery exploitation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-12T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "UNKNOWN"
          },
          "title": "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3962",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Password recovery exploitation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3962",
        "datePublished": "2018-06-12T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3961 (GCVE-0-2017-3961)

    Vulnerability from nvd – Published: 2018-05-25 13:00 – Updated: 2024-09-16 23:15
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability
    Summary
    Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
    CWE
    • Cross-Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2.7.42.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2.7.42.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-25T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "INTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3961",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8.2.7.42.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3961",
        "datePublished": "2018-05-25T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:49.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3967 (GCVE-0-2017-3967)

    Vulnerability from nvd – Published: 2018-04-04 13:00 – Updated: 2024-09-16 18:13
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability
    Summary
    Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
    CWE
    • Target influence via framing vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Target influence via framing vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3967",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Target influence via framing vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3967",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:17.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3964 (GCVE-0-2017-3964)

    Vulnerability from nvd – Published: 2018-04-04 13:00 – Updated: 2024-09-17 04:14
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability
    Summary
    Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
    CWE
    • Reflective Cross-Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflective Cross-Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3964",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflective Cross-Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3964",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:15.063Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3971 (GCVE-0-2017-3971)

    Vulnerability from nvd – Published: 2018-04-04 13:00 – Updated: 2024-09-17 02:05
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability
    Summary
    Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
    CWE
    • Cryptanalysis vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cryptanalysis vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3971",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cryptanalysis vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3971",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:05:54.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3965 (GCVE-0-2017-3965)

    Vulnerability from nvd – Published: 2018-04-04 13:00 – Updated: 2024-09-16 16:38
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.
    CWE
    • Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3965",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3965",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:11.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4038 (GCVE-0-2021-4038)

    Vulnerability from cvelistv5 – Published: 2021-12-09 15:55 – Updated: 2024-08-03 17:16
    VLAI
    Title
    NSM vulnerable to XSS
    Summary
    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee,LLC McAfee Network Security Manager (NSM) Affected: unspecified , < 10.7 M7 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:03.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee,LLC",
              "versions": [
                {
                  "lessThan": "10.7 M7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-09T15:55:17.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NSM vulnerable to XSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2021-4038",
              "STATE": "PUBLIC",
              "TITLE": "NSM vulnerable to XSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "10.7 M7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee,LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10375"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2021-4038",
        "datePublished": "2021-12-09T15:55:17.000Z",
        "dateReserved": "2021-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:03.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7256 (GCVE-0-2020-7256)

    Vulnerability from cvelistv5 – Published: 2020-03-18 21:05 – Updated: 2024-08-04 09:25
    VLAI
    Title
    Network Security Management (NSM) - Cross site scripting vulnerability
    Summary
    Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: unspecified , < 9.1 update 6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "9.1 update 6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T21:05:23.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
            }
          ],
          "source": {
            "advisory": "SB10310",
            "discovery": "EXTERNAL"
          },
          "title": "Network Security Management (NSM) - Cross site scripting vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2020-7256",
              "STATE": "PUBLIC",
              "TITLE": "Network Security Management (NSM) - Cross site scripting vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.1 update 6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310",
                  "refsource": "MISC",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
                }
              ]
            },
            "source": {
              "advisory": "SB10310",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7256",
        "datePublished": "2020-03-18T21:05:23.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:25:48.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7258 (GCVE-0-2020-7258)

    Vulnerability from cvelistv5 – Published: 2020-03-18 21:05 – Updated: 2024-08-04 09:25
    VLAI
    Title
    Network Security Management (NSM) - Cross site scripting vulnerability
    Summary
    Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: unspecified , < 9.1 update 6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "9.1 update 6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T21:05:15.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
            }
          ],
          "source": {
            "advisory": "SB10310",
            "discovery": "EXTERNAL"
          },
          "title": "Network Security Management (NSM) - Cross site scripting vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2020-7258",
              "STATE": "PUBLIC",
              "TITLE": "Network Security Management (NSM) - Cross site scripting vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.1 update 6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310",
                  "refsource": "MISC",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
                }
              ]
            },
            "source": {
              "advisory": "SB10310",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2020-7258",
        "datePublished": "2020-03-18T21:05:15.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:25:48.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3602 (GCVE-0-2019-3602)

    Vulnerability from cvelistv5 – Published: 2019-05-15 15:47 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Cross site scripting vulnerability in McAfee NSM impacting authenticated users
    Summary
    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
    CWE
    • Cross Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee, LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1 update 5 (9.1.7.77) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281"
              },
              {
                "name": "108400",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThan": "9.1 update 5 (9.1.7.77)",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-21T14:06:08.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281"
            },
            {
              "name": "108400",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108400"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cross site scripting vulnerability in McAfee NSM impacting authenticated users",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3602",
              "STATE": "PUBLIC",
              "TITLE": "Cross site scripting vulnerability in McAfee NSM impacting authenticated users"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1 update 5 (9.1.7.77)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10281"
                },
                {
                  "name": "108400",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108400"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3602",
        "datePublished": "2019-05-15T15:47:03.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3606 (GCVE-0-2019-3606)

    Vulnerability from cvelistv5 – Published: 2019-03-26 17:23 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
    Summary
    Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
    CWE
    • Data Leakage Attacks vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75 (91.update 4) (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
              },
              {
                "name": "107613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107613"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75 (91.update 4)",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Leakage Attacks vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-29T07:06:06.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
            },
            {
              "name": "107613",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107613"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3606",
              "STATE": "PUBLIC",
              "TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75 (91.update 4)"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Leakage Attacks vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
                },
                {
                  "name": "107613",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107613"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3606",
        "datePublished": "2019-03-26T17:23:48.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3597 (GCVE-0-2019-3597)

    Vulnerability from cvelistv5 – Published: 2019-03-26 17:21 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Authentication bypass in McAfee Network Security Manager 9.x
    Summary
    Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
    CWE
    • Authentication Bypass vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75.2 (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
              },
              {
                "name": "107609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107609"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75.2",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-28T12:06:05.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
            },
            {
              "name": "107609",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107609"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authentication bypass in McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3597",
              "STATE": "PUBLIC",
              "TITLE": "Authentication bypass in McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
                },
                {
                  "name": "107609",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107609"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3597",
        "datePublished": "2019-03-26T17:21:31.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6681 (GCVE-0-2018-6681)

    Vulnerability from cvelistv5 – Published: 2018-07-17 13:00 – Updated: 2024-08-05 06:10
    VLAI
    Title
    SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability
    Summary
    Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
    CWE
    • Abuse of Functionality vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 9.1.7.11 , ≤ 9.1.7.11 (custom)
    Create a notification for this product.
    Date Public
    2018-07-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:11.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThanOrEqual": "9.1.7.11",
                  "status": "affected",
                  "version": "9.1.7.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Abuse of Functionality vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-17T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2018-6681",
              "STATE": "PUBLIC",
              "TITLE": "SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "9.1.7.11",
                                "version_value": "9.1.7.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Abuse of Functionality vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10244"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2018-6681",
        "datePublished": "2018-07-17T13:00:00.000Z",
        "dateReserved": "2018-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:11.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3968 (GCVE-0-2017-3968)

    Vulnerability from cvelistv5 – Published: 2018-06-13 20:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability
    Summary
    Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.
    CWE
    • Session fixation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    McAfee Network Data Loss Prevention (NDLP) Affected: 9.3 , < 9.3.4.1.5 Hotfix 1201697_47868 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.141Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Data Loss Prevention (NDLP)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "9.3.4.1.5 Hotfix 1201697_47868",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Session fixation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-13T19:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3968",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Network Data Loss Prevention (NDLP)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "9.3",
                                "version_value": "9.3.4.1.5 Hotfix 1201697_47868"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Session fixation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10198"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3968",
        "datePublished": "2018-06-13T20:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3960 (GCVE-0-2017-3960)

    Vulnerability from cvelistv5 – Published: 2018-06-12 14:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability
    Summary
    Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
    CWE
    • Exploitation of Authorization vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exploitation of Authorization vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-12T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "UNKNOWN"
          },
          "title": "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3960",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exploitation of Authorization vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3960",
        "datePublished": "2018-06-12T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3962 (GCVE-0-2017-3962)

    Vulnerability from cvelistv5 – Published: 2018-06-12 14:00 – Updated: 2024-08-05 14:39
    VLAI
    Title
    McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability
    Summary
    Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.
    CWE
    • Password recovery exploitation vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Password recovery exploitation vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-12T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "UNKNOWN"
          },
          "title": "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2017-3962",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Password recovery exploitation vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3962",
        "datePublished": "2018-06-12T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3961 (GCVE-0-2017-3961)

    Vulnerability from cvelistv5 – Published: 2018-05-25 13:00 – Updated: 2024-09-16 23:15
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability
    Summary
    Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
    CWE
    • Cross-Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2.7.42.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2.7.42.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-25T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "INTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3961",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8.2.7.42.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3961",
        "datePublished": "2018-05-25T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:49.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3967 (GCVE-0-2017-3967)

    Vulnerability from cvelistv5 – Published: 2018-04-04 13:00 – Updated: 2024-09-16 18:13
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability
    Summary
    Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
    CWE
    • Target influence via framing vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Target influence via framing vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3967",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Target influence via framing vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3967",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:17.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3964 (GCVE-0-2017-3964)

    Vulnerability from cvelistv5 – Published: 2018-04-04 13:00 – Updated: 2024-09-17 04:14
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability
    Summary
    Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
    CWE
    • Reflective Cross-Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflective Cross-Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3964",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflective Cross-Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3964",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:15.063Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3971 (GCVE-0-2017-3971)

    Vulnerability from cvelistv5 – Published: 2018-04-04 13:00 – Updated: 2024-09-17 02:05
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability
    Summary
    Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
    CWE
    • Cryptanalysis vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cryptanalysis vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3971",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cryptanalysis vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3971",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:05:54.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3965 (GCVE-0-2017-3965)

    Vulnerability from cvelistv5 – Published: 2018-04-04 13:00 – Updated: 2024-09-16 16:38
    VLAI
    Title
    SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.
    CWE
    • Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee Network Security Management (NSM) Affected: 8.2 , < 8.2.7.42.2 (custom)
    Create a notification for this product.
    Date Public
    2017-03-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Management (NSM)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.2.7.42.2",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-03-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T12:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
            }
          ],
          "source": {
            "advisory": "SB10192",
            "discovery": "EXTERNAL"
          },
          "title": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
              "ID": "CVE-2017-3965",
              "STATE": "PUBLIC",
              "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Management (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.7.42.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10192"
                }
              ]
            },
            "source": {
              "advisory": "SB10192",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-3965",
        "datePublished": "2018-04-04T13:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:11.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }