Lucene search
K
McafeeNetwork Security Manager

19 matches found

CVE
CVE
added 2020/03/18 9:5 p.m.78 views

CVE-2020-7258

McAfee Network Security Management (NSM) NSM versions prior to 9.1 update 6 (and specifically 9.1 and earlier per CNVD) contain a Cross-Site Scripting vulnerability. The root cause is a lack of proper validation of client-side data by a web application, enabling execution of client-side code. The...

4.8CVSS4.9AI score0.00517EPSS
CVE
CVE
added 2020/03/18 9:5 p.m.72 views

CVE-2020-7256

The CVE-2020-7256 entry concerns a Cross-Site Scripting vulnerability in McAfee Network Security Management (NSM) prior to version 9.1. The available connected documents confirm the affected product (NSM) and the vulnerability class (XSS) but do not provide concrete exploit vectors, affected comp...

4.8CVSS4.9AI score0.00517EPSS
CVE
CVE
added 2018/07/17 1:0 p.m.63 views

CVE-2018-6681

CVE-2018-6681 is an Abuse of Functionality vulnerability in McAfee Network Security Management (NSM) 9.1.7.11 and earlier. The issue occurs in the web interface where authenticated users can cause arbitrary HTML to be reflected in the response page, via the appliance’s web interface. Affected sof...

5.5CVSS5.5AI score0.00498EPSS
CVE
CVE
added 2019/03/26 5:21 p.m.58 views

CVE-2019-3597

The CVE-2019-3597 entry applies to McAfee Network Security Manager (NSM) 9.1 and 9.2 branches. Affected: NSM versions < 9.1.7.75.2 and

9.8CVSS8.1AI score0.01124EPSS
CVE
CVE
added 2019/05/15 3:47 p.m.58 views

CVE-2019-3602

CVE-2019-3602 is an XSS in McAfee Network Security Manager (NSM) before 9.1 Update 5. An authenticated administrator can embed an XSS in the NSM administrator interface via a specially crafted custom rule containing HTML. The provided documents do not specify root cause details or a patch/version...

4.8CVSS4.6AI score0.00632EPSS
CVE
CVE
added 2018/04/04 1:0 p.m.57 views

CVE-2017-3965

The CVE-2017-3965 entry concerns the McAfee Network Security Management (NSM) web interface. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw in NSM prior to 8.2.7.42.2 that enables remote attackers to perform unauthorized tasks by issuing specially crafted URLs. The affected compone...

8.8CVSS8.7AI score0.00549EPSS
CVE
CVE
added 2018/06/12 2:0 p.m.56 views

CVE-2017-3960

The CVE-2017-3960 entry relates to McAfee Network Security Management (NSM) web interface: an authorization vulnerability that lets authenticated users gain elevated privileges via a crafted HTTP request parameter. Affected product: NSM web interface prior to version 8.2.7.42.2. Root cause: impro...

8.8CVSS7.1AI score0.00904EPSS
CVE
CVE
added 2018/06/13 8:0 p.m.52 views

CVE-2017-3968

CVE-2017-3968 concerns a session fixation vulnerability in the web interface of McAfee Network Security Manager (NSM) and Network Data Loss Prevention (NDLP). The issue allows remote attackers to disclose sensitive information or manipulate the underlying database by exploiting a crafted authenti...

9.1CVSS8.3AI score0.01497EPSS
CVE
CVE
added 2018/04/04 1:0 p.m.51 views

CVE-2017-3967

CVE-2017-3967 affects McAfee Network Security Management (NSM) web interface prior to version 8.2.7.42.2. The issue is a framing vulnerability that allows a remote attacker to inject arbitrary web script or HTML by breaking out of third‑party frames in application pages. Documents consistently de...

6.1CVSS6.2AI score0.00746EPSS
CVE
CVE
added 2018/04/04 1:0 p.m.51 views

CVE-2017-3969

CVE-2017-3969 affects McAfee Network Security Management (NSM) servers prior to version 8.2.7.42.2. The root cause is an inadequate SSL implementation, enabling MITM attackers to decrypt messages. Documentation indicates the vulnerable component is the SSL handling in NSM; remediation guidance (f...

8.2CVSS6AI score0.00814EPSS
CVE
CVE
added 2018/05/25 1:0 p.m.50 views

CVE-2017-3961

CVE-2017-3961 is an XSS vulnerability in McAfee Network Security Management (NSM) web interface, exploitable by authenticated users via crafted input to reflect arbitrary HTML in responses. Affected: NSM before version 8.2.7.42.2; fix likely in 8.2.7.42.2 per description. Overall impact: reflecte...

5.4CVSS4.5AI score0.00606EPSS
CVE
CVE
added 2021/12/09 3:55 p.m.50 views

CVE-2021-4038

CVE-2021-4038 affects McAfee Network Security Manager (NSM) prior to 10.1 Minor 7. The vulnerability arises from improper sanitization of custom rule content containing HTML, allowing a remote authenticated administrator to embed XSS in the NSM administrator interface. Impact is limited to XSS vi...

4.8CVSS4.5AI score0.00575EPSS
CVE
CVE
added 2018/04/04 1:0 p.m.49 views

CVE-2017-3964

McAfee Network Security Management (NSM) Web UI vulnerable to Reflective Cross-Site Scripting via a URL parameter. Affected product: NSM web interface (before 8.2.7.42.2). Cause: reflected XSS in the web interface. Impact: arbitrary web script/HTML injection. Remediation: upgrade to 8.2.7.42.2 or...

5.4CVSS4.4AI score0.00606EPSS
CVE
CVE
added 2019/03/26 5:23 p.m.49 views

CVE-2019-3606

CVE-2019-3606 affects McAfee Network Security Manager (NSM) in the web portal component when running NSM 9.x with versions prior to 9.1.7.75 Update 4 or 9.2.7.31 Update2. The issue enables data leakage by allowing administrators to view configuration information in plain text via the GUI or GUI t...

7.7CVSS4.5AI score0.00211EPSS
CVE
CVE
added 2018/04/04 1:0 p.m.47 views

CVE-2017-3966

CVE-2017-3966 affects the web interface of McAfee Network Security Management (NSM) prior to 8.2.7.42.2. The issue is exploitation of session variables, resource IDs and other trusted credentials via reuse of an exposed session token in the application URL. This can allow remote attackers to affe...

6.5CVSS6.4AI score0.00685EPSS
CVE
CVE
added 2018/04/04 1:0 p.m.46 views

CVE-2017-3971

CVE-2017-3971 – McAfee Network Security Management (NSM) : The vulnerability affects the NSM web interface prior to 8.2.7.42.2, due to insecure use of RC4 encryption ciphers in the authentication/web layer, enabling attackers to view confidential information. The issue is documented across multip...

8.2CVSS6.7AI score0.00316EPSS
CVE
CVE
added 2014/08/29 5:0 p.m.44 views

CVE-2014-2390

Technical details for CVE-2014-2390 are not publicly provided in the supplied connected documents. Based on the initial entry, no specific affected product versions, exploit vectors, or remediation are disclosed here. Monitor for updates.

6.8CVSS7.3AI score0.00708EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.44 views

CVE-2017-3972

CVE-2017-3972 affects McAfee Network Security Management (NSM) prior to version 8.2.7.42.2 . The vulnerability is described as an infrastructure-based foot printing issue in the web interface, enabling an attacker to execute arbitrary code via the server banner that leaks potentially sensitive or...

9.8CVSS9.5AI score0.0151EPSS
CVE
CVE
added 2018/06/12 2:0 p.m.43 views

CVE-2017-3962

The CVE concerns McAfee Network Security Management (NSM) where the non-certificate-based authentication mechanism allows password recovery exploitation. Affected product/version: NSM prior to 8.2.7.42.2. Root cause: unsalted hashes enabling attackers to crack user passwords. Impact: password com...

9.8CVSS7.5AI score0.00352EPSS