CVE-2020-7256 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7256
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores a 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7258 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7258
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3602 – Cross site scripting vulnerability in McAfee NSM impacting authenticated users
https://notcve.org/view.php?id=CVE-2019-3602
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. Vulnerabilidad de tipo Cross Site Scripting (XSS) en Network Security Manager (NSM) de McAfee anterior de la versión 9.1 actualización 5, permite a un administrador autenticado insertar un XSS en la interfaz del administrador por medio de una regla personalizada especialmente creada con contenido HTML. • http://www.securityfocus.com/bid/108400 https://kc.mcafee.com/corporate/index?page=content&id=SB10281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3606 – Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
https://notcve.org/view.php?id=CVE-2019-3606
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. Vulnerabilidad de filtrado de datos en el componente del portal web cuando está en modo de emparejado MDR en McAfee Network Security Management (NSM), en versiones 9.1 anteriores a la 9.1.7.75 (Update 4) y versiones 9.2 anteriores a la 9.2.7.31 Update2, permite que los administradores visualicen la información de configuración en texto plano mediante la GUI o los comandos del terminal de la GUI. • http://www.securityfocus.com/bid/107613 https://kc.mcafee.com/corporate/index?page=content&id=SB10274 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2019-3597 – Authentication bypass in McAfee Network Security Manager 9.x
https://notcve.org/view.php?id=CVE-2019-3597
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. Vulnerabilidad de omisión de autenticación en McAfee Network Security Manager (NSM), en versiones 9.1 anteriores a la 9.1.7.75.2 y versiones 9.2 anteriores a la 9.2.7.31 (9.2 Update 2), permite que los usuarios no autenticados obtengan derechos de administrador mediante el manejo incorrecto de las sesiones GUI caducadas. • http://www.securityfocus.com/bid/107609 https://kc.mcafee.com/corporate/index?page=content&id=SB10275 •