CVE-2017-4015

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.
References
Link Resource
http://www.securitytracker.com/id/1038523 Broken Link Third Party Advisory VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10198 Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*

History

26 Jan 2024, 18:01

Type Values Removed Values Added
CWE CWE-20 CWE-1021
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - Vendor Advisory (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - Broken Link, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id/1038523 - (SECTRACK) http://www.securitytracker.com/id/1038523 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2017-05-17 21:29

Updated : 2024-02-28 15:44


NVD link : CVE-2017-4015

Mitre link : CVE-2017-4015

CVE.ORG link : CVE-2017-4015


JSON object : View

Products Affected

mcafee

  • network_data_loss_prevention
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames