CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3968 – McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability
https://notcve.org/view.php?id=CVE-2017-3968
13 Jun 2018 — Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. Vulnerabilidad de fijación de sesión en la interfaz web en McAfee Network Security Manager (NSM) en versiones anteriores a la 8.2.7.42.2 y McAfee Network Data Loss Prevention (NDLP) en versiones anteriores a la 9.3.... • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3933
https://notcve.org/view.php?id=CVE-2017-3933
31 Oct 2017 — Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. Existe una vulnerabilidad de incrustación de script (XSS) en cabeceras HTTP en versiones 9.3.x de McAfee Network Data Loss Prevention (NDLP) que permite que usuarios autenticados remotos visualicen información confidencial mediante un ataque Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/101628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •