CVE-2017-4012 — Improper Privilege Management in Network Data Loss Prevention

2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Data Loss Prevention

Timeline

PublishedMay 17

Latest updateMay 13

Description

Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/network_data_loss_prevention9.3.0

▶CVEListV5mcafee/network_data_loss_prevention9.3.x

🔴Vulnerability Details

GHSA

GHSA-c2hm-6w3q-3g89: Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9↗2022-05-13

▶