CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7336 – Network Security Management (NSM) - Cross Site Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2020-7336
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. Una vulnerabilidad de tipo Cross Site Request Forgery en McAfee Network Security Management (NSM) versiones anteriores a 10.1.7.35 y NSM versiones 9.x anteriores a 9.2.9.55, puede permitir a un atacante cambiar la configuración de Network Security Manager por medio de una petición HTTP cuidadosamente diseñada • https://kc.mcafee.com/corporate/index?page=content&id=SB10341 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7284 – Network Security Management (NSM) - Exposure of Sensitive Information
https://notcve.org/view.php?id=CVE-2020-7284
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). Una exposición de información confidencial en McAfee Network Security Management (NSM) versiones anteriores a 10.1.7.7, permite a usuarios locales conseguir acceso no autorizado a la cuenta root mediante la ejecución de comandos cuidadosamente diseñados desde la interfaz de línea de comandos (CLI) restringida • https://kc.mcafee.com/corporate/index?page=content&id=SB10322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •