CVE-2017-3907

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:mcafee_threat_intelligence_exchange:2.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:26

Type Values Removed Values Added
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10207 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10207 -
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 5.4

07 Nov 2023, 02:44

Type Values Removed Values Added
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10207 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10207 -

Information

Published : 2018-06-13 21:29

Updated : 2024-11-21 03:26


NVD link : CVE-2017-3907

Mitre link : CVE-2017-3907

CVE.ORG link : CVE-2017-3907


JSON object : View

Products Affected

mcafee

  • mcafee_threat_intelligence_exchange
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')