8.8
CVE-2017-3965
- EPSS 0.55%
- Veröffentlicht 04.04.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:26:22
- Quelle trellixpsirt@trellix.com
- CVE-Watchlists
- Unerledigt
SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Network Security Manager Version < 8.2.7.42.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.415 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://kc.mcafee.com/corporate/index?page=content&id=SB10192