Lucene search

TrellixCVELIST:CVE-2017-3907

HistoryJun 13, 2018 - 9:00 p.m.

CVE-2017-3907 McAfee Threat Intelligence Exchange (TIE) Server - Code Injection vulnerability

2018-06-1321:00:00

trellix

www.cve.org

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.

CNA Affected

[
  {
    "platforms": [
      "x86"
    ],
    "product": "Threat Intelligence Exchange (TIE) Server",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "2.1.0 Hotfix 1",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10207

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVELIST:CVE-2017-3907