6.5
CVE-2017-3966
- EPSS 0.22%
- Veröffentlicht 04.04.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:26:23
- Quelle trellixpsirt@trellix.com
- CVE-Watchlists
- Unerledigt
LoginSB10192 - Network Security Management (NSM) - Exploitation of session variables, resource IDs and other trusted credentials vulnerability
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Network Security Manager Version < 8.2.7.42.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.417 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 6.4 | 0.9 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."