CVE-2018-6681 – SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability
https://notcve.org/view.php?id=CVE-2018-6681
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. Vulnerabilidad de abuso de funcionalidades en la interfaz web en McAfee Network Security Management (NSM) en versiones 9.1.7.11 y anteriores permite que usuarios autenticados puedan reflejar código HTML arbitrario en la página web de respuesta mediante la interfaz web de la aplicación. • https://kc.mcafee.com/corporate/index?page=content&id=SB10244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3968 – McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability
https://notcve.org/view.php?id=CVE-2017-3968
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. Vulnerabilidad de fijación de sesión en la interfaz web en McAfee Network Security Manager (NSM) en versiones anteriores a la 8.2.7.42.2 y McAfee Network Data Loss Prevention (NDLP) en versiones anteriores a la 9.3.4.1.5 permite que atacantes remotos revelen información sensible o manipulen la base de datos mediante una cookie de autenticación manipulada. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 https://kc.mcafee.com/corporate/index?page=content&id=SB10198 • CWE-384: Session Fixation •
CVE-2017-3962 – McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability
https://notcve.org/view.php?id=CVE-2017-3962
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. Vulnerabilidad de explotación de recuperación de contraseña en el mecanismo de autenticación sin estar basado en certificados en McAfee Network Security Management (NSM) en versiones anteriores a la 8.2.7.42.2 permite que atacantes descifren contraseñas de usuario mediante hashes sin sal. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVE-2017-3960 – McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability
https://notcve.org/view.php?id=CVE-2017-3960
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. Vulnerabilidad de explotación de autorización en la interfaz web en McAfee Network Security Management (NSM) en versiones anteriores a la 8.2.7.42.2 permite que usuarios autenticados obtengan privilegios elevados mediante un parámetro HTTP request manipulado. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 •
CVE-2017-3961 – SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2017-3961
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz web en McAfee Network Security Management (NSM) en versiones anteriores a la 8.2.7.42.2 permite que usuarios autenticados puedan reflejar código HTML arbitrario en la página web de respuesta mediante entradas de atributos de usuarios que hayan sido manipuladas. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •