admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-39xx/CVE-2017-3968.json
cad-safe-bot b47d02a333 Auto-Update: 2023-11-07T21:02:52.274489+00:00
2023-11-07 21:03:21 +00:00

132 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-3968",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2018-06-13T20:29:00.213",
"lastModified": "2023-11-07T02:44:33.443",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la interfaz web en McAfee Network Security Manager (NSM) en versiones anteriores a la 8.2.7.42.2 y McAfee Network Data Loss Prevention (NDLP) en versiones anteriores a la 9.3.4.1.5 permite que atacantes remotos revelen informaci\u00f3n sensible o manipulen la base de datos mediante una cookie de autenticaci\u00f3n manipulada."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 5.3
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.4.1.5",
"matchCriteriaId": "2EBD64DA-659A-4EA6-9DAA-CD2431B21531"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2.7.42.2",
"matchCriteriaId": "1BAB1F42-EE61-4A4E-BFAA-550B220CA0EB"
}
]
}
]
}
],
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192",
"source": "trellixpsirt@trellix.com"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198",
"source": "trellixpsirt@trellix.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink