CVE-2017-3964

Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.

CVSS v3 3.5 LOW
CVSS v2.0 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

Exploitability : 0.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10192
https://kc.mcafee.com/corporate/index?page=content&id=SB10192

Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:26

Type	Values Removed	Values Added
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10192 -~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10192 -
CVSS	v2 : ~~3.5~~ v3 : ~~5.4~~	v2 : 3.5 v3 : 3.5

07 Nov 2023, 02:44

Type	Values Removed	Values Added
References	~~(CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10192 - Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10192 -

Information

Published : 2018-04-04 13:29

Updated : 2024-11-21 03:26

NVD link : CVE-2017-3964

Mitre link : CVE-2017-3964

CVE.ORG link : CVE-2017-3964

JSON object : View

Products Affected

mcafee

network_security_manager

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2017-3964

3.5^/10

3.5^/10

Attach tags to `CVE-2017-3964`