CVE-2017-3968

Summary

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.

Affected Software

VendorProductVersion RangeStatus
McAfeeNetwork Security Management (NSM)8 < 8.2.7.42.2affected
McAfeeNetwork Data Loss Prevention (NDLP)9.3 < 9.3.4.1.5 Hotfix 1201697_47868affected

Weaknesses

  • Session fixation vulnerability

ADP Enrichment

CVE Program Container

Additional References

References