cvelist/2017/3xxx/CVE-2017-3907.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "psirt@mcafee.com",
      "ID" : "CVE-2017-3907",
      "STATE" : "PUBLIC",
      "TITLE" : "McAfee Threat Intelligence Exchange (TIE) Server - Code Injection vulnerability"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Threat Intelligence Exchange (TIE) Server",
                        "version" : {
                           "version_data" : [
                              {
                                 "affected" : "<",
                                 "platform" : "x86",
                                 "version_name" : "2.1.0",
                                 "version_value" : "2.1.0 Hotfix 1"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "McAfee"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector."
         }
      ]
   },
   "impact" : {
      "cvss" : {
         "attackComplexity" : "HIGH",
         "attackVector" : "NETWORK",
         "availabilityImpact" : "LOW",
         "baseScore" : 5.4,
         "baseSeverity" : "MEDIUM",
         "confidentialityImpact" : "LOW",
         "integrityImpact" : "NONE",
         "privilegesRequired" : "NONE",
         "scope" : "CHANGED",
         "userInteraction" : "NONE",
         "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
         "version" : "3.0"
      }
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Code Injection vulnerability"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207",
            "refsource" : "CONFIRM",
            "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207"
         }
      ]
   },
   "source" : {
      "advisory" : "SB10207",
      "discovery" : "INTERNAL"
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "psirt@mcafee.com",`
			`"ID" : "CVE-2017-3907",`
			`"STATE" : "PUBLIC",`
			`"TITLE" : "McAfee Threat Intelligence Exchange (TIE) Server - Code Injection vulnerability"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"product" : {`
			`"product_data" : [`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"product_name" : "Threat Intelligence Exchange (TIE) Server",`
			`"version" : {`
			`"version_data" : [`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"affected" : "<",`
			`"platform" : "x86",`
			`"version_name" : "2.1.0",`
			`"version_value" : "2.1.0 Hotfix 1"`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"vendor_name" : "McAfee"`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`}`
			`]`
			`}`
			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"lang" : "eng",`
			`"value" : "Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector."`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`}`
			`]`
			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"impact" : {`
			`"cvss" : {`
			`"attackComplexity" : "HIGH",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "LOW",`
			`"baseScore" : 5.4,`
			`"baseSeverity" : "MEDIUM",`
			`"confidentialityImpact" : "LOW",`
			`"integrityImpact" : "NONE",`
			`"privilegesRequired" : "NONE",`
			`"scope" : "CHANGED",`
			`"userInteraction" : "NONE",`
			`"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",`
			`"version" : "3.0"`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`}`
			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"problemtype" : {`
			`"problemtype_data" : [`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"description" : [`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"lang" : "eng",`
			`"value" : "Code Injection vulnerability"`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`}`
			`]`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"references" : {`
			`"reference_data" : [`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`{`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207",`
			`"refsource" : "CONFIRM",`
			`"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207"`
Update CVE-2017-3907.json 2018-06-12 16:49:11 -05:00			`}`
			`]`
			`},`
- Synchronized data. 2018-06-13 17:04:32 -04:00			`"source" : {`
			`"advisory" : "SB10207",`
			`"discovery" : "INTERNAL"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`}`