Update CVE-2017-3965.json

SB10192
2025-05-31 02:31:49 +00:00 · 2018-04-03 16:27:03 -05:00 · 2018-04-03 16:27:03 -05:00 · 87cef4afb7
commit 87cef4afb7
parent 3de98c2f7f
1 changed files with 77 additions and 11 deletions
--- a/2017/3xxx/CVE-2017-3965.json
+++ b/2017/3xxx/CVE-2017-3965.json
@ -1,18 +1,84 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2017-3965",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "psirt@mcafee.com",
+      "DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
+      "ID": "CVE-2017-3965",
+      "STATE": "PUBLIC",
+      "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Network Security Management (NSM)",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_name": "8.2",
+                                 "version_value": "8.2.7.42.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "McAfee"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 6.4,
+         "baseSeverity": "MEDIUM",
+         "confidentialityImpact": "LOW",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "HIGH",
+         "scope": "UNCHANGED",
+         "userInteraction": "REQUIRED",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "SB10192",
+      "discovery": "EXTERNAL"
   }
 }