19 matches found
CVE-2020-7258
McAfee Network Security Management (NSM) NSM versions prior to 9.1 update 6 (and specifically 9.1 and earlier per CNVD) contain a Cross-Site Scripting vulnerability. The root cause is a lack of proper validation of client-side data by a web application, enabling execution of client-side code. The...
CVE-2020-7256
The CVE-2020-7256 entry concerns a Cross-Site Scripting vulnerability in McAfee Network Security Management (NSM) prior to version 9.1. The available connected documents confirm the affected product (NSM) and the vulnerability class (XSS) but do not provide concrete exploit vectors, affected comp...
CVE-2018-6681
CVE-2018-6681 is an Abuse of Functionality vulnerability in McAfee Network Security Management (NSM) 9.1.7.11 and earlier. The issue occurs in the web interface where authenticated users can cause arbitrary HTML to be reflected in the response page, via the appliance’s web interface. Affected sof...
CVE-2019-3597
The CVE-2019-3597 entry applies to McAfee Network Security Manager (NSM) 9.1 and 9.2 branches. Affected: NSM versions < 9.1.7.75.2 and
CVE-2019-3602
CVE-2019-3602 is an XSS in McAfee Network Security Manager (NSM) before 9.1 Update 5. An authenticated administrator can embed an XSS in the NSM administrator interface via a specially crafted custom rule containing HTML. The provided documents do not specify root cause details or a patch/version...
CVE-2017-3965
The CVE-2017-3965 entry concerns the McAfee Network Security Management (NSM) web interface. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw in NSM prior to 8.2.7.42.2 that enables remote attackers to perform unauthorized tasks by issuing specially crafted URLs. The affected compone...
CVE-2017-3960
The CVE-2017-3960 entry relates to McAfee Network Security Management (NSM) web interface: an authorization vulnerability that lets authenticated users gain elevated privileges via a crafted HTTP request parameter. Affected product: NSM web interface prior to version 8.2.7.42.2. Root cause: impro...
CVE-2017-3968
CVE-2017-3968 concerns a session fixation vulnerability in the web interface of McAfee Network Security Manager (NSM) and Network Data Loss Prevention (NDLP). The issue allows remote attackers to disclose sensitive information or manipulate the underlying database by exploiting a crafted authenti...
CVE-2017-3967
CVE-2017-3967 affects McAfee Network Security Management (NSM) web interface prior to version 8.2.7.42.2. The issue is a framing vulnerability that allows a remote attacker to inject arbitrary web script or HTML by breaking out of third‑party frames in application pages. Documents consistently de...
CVE-2017-3969
CVE-2017-3969 affects McAfee Network Security Management (NSM) servers prior to version 8.2.7.42.2. The root cause is an inadequate SSL implementation, enabling MITM attackers to decrypt messages. Documentation indicates the vulnerable component is the SSL handling in NSM; remediation guidance (f...
CVE-2017-3961
CVE-2017-3961 is an XSS vulnerability in McAfee Network Security Management (NSM) web interface, exploitable by authenticated users via crafted input to reflect arbitrary HTML in responses. Affected: NSM before version 8.2.7.42.2; fix likely in 8.2.7.42.2 per description. Overall impact: reflecte...
CVE-2021-4038
CVE-2021-4038 affects McAfee Network Security Manager (NSM) prior to 10.1 Minor 7. The vulnerability arises from improper sanitization of custom rule content containing HTML, allowing a remote authenticated administrator to embed XSS in the NSM administrator interface. Impact is limited to XSS vi...
CVE-2017-3964
McAfee Network Security Management (NSM) Web UI vulnerable to Reflective Cross-Site Scripting via a URL parameter. Affected product: NSM web interface (before 8.2.7.42.2). Cause: reflected XSS in the web interface. Impact: arbitrary web script/HTML injection. Remediation: upgrade to 8.2.7.42.2 or...
CVE-2019-3606
CVE-2019-3606 affects McAfee Network Security Manager (NSM) in the web portal component when running NSM 9.x with versions prior to 9.1.7.75 Update 4 or 9.2.7.31 Update2. The issue enables data leakage by allowing administrators to view configuration information in plain text via the GUI or GUI t...
CVE-2017-3966
CVE-2017-3966 affects the web interface of McAfee Network Security Management (NSM) prior to 8.2.7.42.2. The issue is exploitation of session variables, resource IDs and other trusted credentials via reuse of an exposed session token in the application URL. This can allow remote attackers to affe...
CVE-2017-3971
CVE-2017-3971 – McAfee Network Security Management (NSM) : The vulnerability affects the NSM web interface prior to 8.2.7.42.2, due to insecure use of RC4 encryption ciphers in the authentication/web layer, enabling attackers to view confidential information. The issue is documented across multip...
CVE-2014-2390
Technical details for CVE-2014-2390 are not publicly provided in the supplied connected documents. Based on the initial entry, no specific affected product versions, exploit vectors, or remediation are disclosed here. Monitor for updates.
CVE-2017-3972
CVE-2017-3972 affects McAfee Network Security Management (NSM) prior to version 8.2.7.42.2 . The vulnerability is described as an infrastructure-based foot printing issue in the web interface, enabling an attacker to execute arbitrary code via the server banner that leaks potentially sensitive or...
CVE-2017-3962
The CVE concerns McAfee Network Security Management (NSM) where the non-certificate-based authentication mechanism allows password recovery exploitation. Affected product/version: NSM prior to 8.2.7.42.2. Root cause: unsalted hashes enabling attackers to crack user passwords. Impact: password com...