HIGH🇬🇧 English

CVE-2017-3965

CVSS 8.8v3.0pub. 2018-04-04upd. 2024-11-21

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Mcafee Network Security Manager

    APP
    Mcafee
    < 8.2.7.42.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-3606HIGH7.7ten sam produkt

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security ...

CVE-2017-3968HIGH7.5ten sam produkt

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2...

CVE-2017-3969HIGH8.2ten sam produkt

Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before...

CVE-2017-3971HIGH8.2ten sam produkt

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2...

CVE-2017-3972HIGH8.3ten sam produkt

Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (N...