CVE-2017-3969 – SB10192 - Network Security Management (NSM) - Abuse of communication channels vulnerability
https://notcve.org/view.php?id=CVE-2017-3969
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 • CWE-417: Communication Channel Errors
CVE-2017-3972 – SB10192 - Network Security Management (NSM) - Infrastructure-based foot printing vulnerability
https://notcve.org/view.php?id=CVE-2017-3972
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2390
https://notcve.org/view.php?id=CVE-2014-2390
Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39, 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors. • http://www.securitytracker.com/id/1030674 https://kc.mcafee.com/corporate/index?page=content&id=SB10081 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2009-3565 – McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3565
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter. The McAfee Network Security Manager suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/10061 https://www.exploit-db.com/exploits/33346 http://kc.mcafee.com/corporate/index?page=content&id=SB10004 http://secunia.com/advisories/37178 http://securitytracker.com/id?1023171 http://www.osvdb.org/59911 http://www.secureworks.com/ctu/advisories/SWRX-2009-001 http://www.securityfocus.com/archive/1/507820/100/0/threaded http://www.securityfocus.com/bid/37003 http://www.vupen.com/english/advisories/2009/3226 https://exchange. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3566 – McAfee Network Security Manager 5.1.7 - Information Disclosure
https://notcve.org/view.php?id=CVE-2009-3566
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability. The McAfee Network Security Manager suffers from authentication bypass and session hijacking vulnerabilities. • https://www.exploit-db.com/exploits/33347 http://secunia.com/advisories/37178 http://securitytracker.com/id?1023172 http://www.osvdb.org/59912 http://www.secureworks.com/ctu/advisories/SWRX-2009-002 http://www.securityfocus.com/archive/1/507822/100/0/threaded http://www.securityfocus.com/bid/37004 http://www.vupen.com/english/advisories/2009/3226 https://exchange.xforce.ibmcloud.com/vulnerabilities/54251 https://kc.mcafee.com/corporate/index?page=content&id=SB10005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')