Lucene search

TrellixCVELIST:CVE-2017-3967

HistoryMar 29, 2017 - 12:00 a.m.

CVE-2017-3967 SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability

2017-03-2900:00:00

trellix

www.cve.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

50.1%

JSON

Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.

CNA Affected

[
  {
    "product": "Network Security Management (NSM)",
    "vendor": "McAfee",
    "versions": [
      {
        "lessThan": "8.2.7.42.2",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  }
]

References

kc.mcafee.com/corporate/index?page=content&id=SB10192

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

50.1%

JSON

Related for CVELIST:CVE-2017-3967