CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3968 – McAfee Network Security Management (NSM) and Network Data Loss Prevention (NDLP)- Password recovery exploitation vulnerability
https://notcve.org/view.php?id=CVE-2017-3968
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. Vulnerabilidad de fijación de sesión en la interfaz web en McAfee Network Security Manager (NSM) en versiones anteriores a la 8.2.7.42.2 y McAfee Network Data Loss Prevention (NDLP) en versiones anteriores a la 9.3.4.1.5 permite que atacantes remotos revelen información sensible o manipulen la base de datos mediante una cookie de autenticación manipulada. • https://kc.mcafee.com/corporate/index?page=content&id=SB10192 https://kc.mcafee.com/corporate/index?page=content&id=SB10198 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3933
https://notcve.org/view.php?id=CVE-2017-3933
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. Existe una vulnerabilidad de incrustación de script (XSS) en cabeceras HTTP en versiones 9.3.x de McAfee Network Data Loss Prevention (NDLP) que permite que usuarios autenticados remotos visualicen información confidencial mediante un ataque Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/101628 https://kc.mcafee.com/corporate/index?page=content&id=SB10198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •