CVE-2017-3968
7.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
Summary
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee | Network Security Management (NSM) | 8 < 8.2.7.42.2 | affected |
| McAfee | Network Data Loss Prevention (NDLP) | 9.3 < 9.3.4.1.5 Hotfix 1201697_47868 | affected |
Weaknesses
- Session fixation vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198
- https://kc.mcafee.com/corporate/index?page=content&id=SB10192
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198
- https://kc.mcafee.com/corporate/index?page=content&id=SB10192
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.