Intrushield Security Management System

CVEs (26)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2009-3566	McAfee Intrushield Security Management System	0.03	—	0.05	Nov 13, 2009	McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
CVE-2009-3565	McAfee Intrushield Security Management System	0.03	—	0.06	Nov 13, 2009	Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
CVE-2021-4038	McAfee Intrushield Security Management System	0.00	—	0.00	Dec 9, 2021	Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize…
CVE-2020-7336	McAfee Intrushield Security Management System	0.00	—	0.00	Jan 5, 2021	Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
CVE-2020-7284	McAfee Intrushield Security Management System	0.00	—	0.00	Jul 3, 2020	Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
CVE-2020-7256	McAfee Intrushield Security Management System	0.00	—	0.00	Mar 18, 2020	Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
CVE-2020-7258	McAfee Intrushield Security Management System	0.00	—	0.00	Mar 18, 2020	Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
CVE-2019-3602	McAfee Intrushield Security Management System	0.00	—	0.00	May 15, 2019	Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
CVE-2019-3606	McAfee Intrushield Security Management System	0.00	—	0.00	Mar 26, 2019	Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI…
CVE-2019-3597	McAfee Intrushield Security Management System	0.00	—	0.00	Mar 26, 2019	Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
CVE-2018-6681	McAfee Intrushield Security Management System	0.00	—	0.00	Jul 17, 2018	Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
CVE-2017-3968	McAfee Network Data Loss Prevention	0.00	—	0.00	Jun 13, 2018	Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted…
CVE-2017-3960	McAfee Intrushield Security Management System	0.00	—	0.00	Jun 12, 2018	Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
CVE-2017-3962	McAfee Intrushield Security Management System	0.00	—	0.00	Jun 12, 2018	Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.
CVE-2017-3961	McAfee Intrushield Security Management System	0.00	—	0.00	May 25, 2018	Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
CVE-2017-3966	McAfee Intrushield Security Management System	0.00	—	0.00	Apr 4, 2018	Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the…
CVE-2017-3965	McAfee Intrushield Security Management System	0.00	—	0.00	Apr 4, 2018	Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the…
CVE-2017-3964	McAfee Intrushield Security Management System	0.00	—	0.00	Apr 4, 2018	Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
CVE-2017-3969	McAfee Intrushield Security Management System	0.00	—	0.00	Apr 4, 2018	Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
CVE-2017-3967	McAfee Intrushield Security Management System	0.00	—	0.00	Apr 4, 2018	Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.

CVE-2009-3566Nov 13, 2009
McAfee
Intrushield Security Management System
risk 0.03cvss —epss 0.05
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
CVE-2009-3565Nov 13, 2009
McAfee
Intrushield Security Management System
risk 0.03cvss —epss 0.06
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
CVE-2021-4038Dec 9, 2021
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize…
CVE-2020-7336Jan 5, 2021
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
CVE-2020-7284Jul 3, 2020
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
CVE-2020-7256Mar 18, 2020
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
CVE-2020-7258Mar 18, 2020
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
CVE-2019-3602May 15, 2019
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
CVE-2019-3606Mar 26, 2019
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI…
CVE-2019-3597Mar 26, 2019
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
CVE-2018-6681Jul 17, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
CVE-2017-3968Jun 13, 2018
McAfee
Network Data Loss Prevention
risk 0.00cvss —epss 0.00
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted…
CVE-2017-3960Jun 12, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
CVE-2017-3962Jun 12, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.
CVE-2017-3961May 25, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
CVE-2017-3966Apr 4, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the…
CVE-2017-3965Apr 4, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the…
CVE-2017-3964Apr 4, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
CVE-2017-3969Apr 4, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
CVE-2017-3967Apr 4, 2018
McAfee
Intrushield Security Management System
risk 0.00cvss —epss 0.00
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.

Page 1 of 2