admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-30 10:10:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2017-3968.json

Browse Source
This commit is contained in:
rbyronh 2018-06-12 14:40:20 -05:00 committed by GitHub
parent 8d0c69adc7
commit 0c385d9441
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 97 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
2017/3xxx/CVE-2017-3968.json
View File

@ -1,18 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3968",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2017-3968",
"STATE": "PUBLIC",
"TITLE": "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Security Management (NSM)",
"version": {
"version_data": [
{
"affected": "<",
"platform": "x86",
"version_name": "8",
"version_value": "8.2.7.42.2"
}
]
}
},
{
"product_name": "Network Data Loss Prevention (NDLP)",
"version": {
"version_data": [
{
"affected": "<",
"platform": "x86",
"version_name": "9.3",
"version_value": "9.3.4.1.5 Hotfix 1201697_47868"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation vulnerability\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "McAfee - Security Bulletin SB10192",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
},
{
"name": "McAfee - Security Bulletin SB10198",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198"
}
]
},
"source": {
"advisory": "SB10192",
"discovery": "EXTERNAL"
}
}