VYPR

Intrushield Security Management System

by McAfee

CVEs (23)

  • CVE-2017-3965HigApr 4, 2018
    risk 0.57cvss 8.8epss 0.01

    Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the…

  • CVE-2020-7284HigJul 3, 2020
    risk 0.56cvss 8.6epss 0.00

    Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).

  • CVE-2017-3972HigApr 3, 2018
    risk 0.54cvss 8.3epss 0.02

    Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.

  • CVE-2017-3971HigApr 4, 2018
    risk 0.53cvss 8.2epss 0.00

    Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.

  • CVE-2017-3969HigApr 4, 2018
    risk 0.53cvss 8.2epss 0.01

    Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.

  • CVE-2017-3968HigJun 13, 2018
    risk 0.49cvss 7.5epss 0.01

    Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted…

  • CVE-2020-7336MedJan 5, 2021
    risk 0.43cvss 6.6epss 0.01

    Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.

  • CVE-2017-3966MedApr 4, 2018
    risk 0.42cvss 6.4epss 0.01

    Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the…

  • CVE-2017-3967MedApr 4, 2018
    risk 0.40cvss 6.1epss 0.01

    Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.

  • CVE-2017-3960MedJun 12, 2018
    risk 0.38cvss 5.9epss 0.01

    Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.

  • CVE-2017-3962MedJun 12, 2018
    risk 0.36cvss 5.6epss 0.00

    Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.

  • CVE-2018-6681MedJul 17, 2018
    risk 0.35cvss 5.4epss 0.01

    Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.

  • CVE-2021-4038MedDec 9, 2021
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize…

  • CVE-2020-7258MedMar 18, 2020
    risk 0.31cvss 4.8epss 0.01

    Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.

  • CVE-2020-7256MedMar 18, 2020
    risk 0.31cvss 4.8epss 0.01

    Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.

  • CVE-2017-3961LowMay 25, 2018
    risk 0.23cvss 3.5epss 0.01

    Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.

  • CVE-2017-3964LowApr 4, 2018
    risk 0.23cvss 3.5epss 0.01

    Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.

  • CVE-2009-3566Nov 13, 2009
    risk 0.03cvss epss 0.04

    McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

  • CVE-2009-3565Nov 13, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.

  • CVE-2014-2390Aug 29, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the…

Page 1 of 2