HIGH🇵🇱 Wersja polska

CVE-2017-3968

CVSS 7.5v3.0pub. 2018-06-13upd. 2024-11-21

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
  • Mcafee Network Data Loss Prevention

    APP
    Mcafee
    < 9.3.4.1.5
  • Mcafee Network Security Manager

    APP
    Mcafee
    < 8.2.7.42.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-3606HIGH7.7ten sam produkt

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security ...

CVE-2017-3971HIGH8.2ten sam produkt

Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2...

CVE-2017-3965HIGH8.8ten sam produkt

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Se...

CVE-2017-3969HIGH8.2ten sam produkt

Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before...

CVE-2017-3972HIGH8.3ten sam produkt

Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (N...