{ "CVE_data_meta": { "ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2017-03-29T17:00:00.000Z", "ID": "CVE-2017-3965", "STATE": "PUBLIC", "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Network Security Management (NSM)", "version": { "version_data": [ { "affected": "<", "version_name": "8.2", "version_value": "8.2.7.42.2" } ] } } ] }, "vendor_name": "McAfee" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" } ] }, "source": { "advisory": "SB10192", "discovery": "EXTERNAL" } }