HIGH🇵🇱 Wersja polska

CVE-2017-3965

CVSS 8.8v3.0pub. 2018-04-04upd. 2024-11-21

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Mcafee Network Security Manager

    APP
    Mcafee
    < 8.2.7.42.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-3606HIGH7.7ten sam produkt

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security ...

CVE-2017-3968HIGH7.5ten sam produkt

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2...

CVE-2017-3969HIGH8.2ten sam produkt

Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before...

CVE-2017-3971HIGH8.2ten sam produkt

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2...

CVE-2017-3972HIGH8.3ten sam produkt

Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (N...