Mcafee Network Security Management vulnerabilities
16 known vulnerabilities affecting mcafee/network_security_management.
Total CVEs
16
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH3MEDIUM10
Vulnerabilities
Page 1 of 1
CVE-2020-7336MEDIUMCVSS 6.5≥ 9.0, < 9.2.9.55≥ 10.0, < 10.1.7.35+2 more2021-01-05
CVE-2020-7336 [MEDIUM] CWE-352 CVE-2020-7336: Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
nvd
CVE-2020-7284HIGHCVSS 7.8≥ 9.0, < 9.2.9.55≥ 10.0, < 10.1.7.7+1 more2020-07-03
CVE-2020-7284 [HIGH] CWE-200 CVE-2020-7284: Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allo
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
nvd
CVE-2020-7256MEDIUMCVSS 4.8≥ unspecified, < 9.1 update 62020-03-18
CVE-2020-7256 [MEDIUM] CWE-79 CVE-2020-7256: Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
nvd
CVE-2020-7258MEDIUMCVSS 4.8≥ unspecified, < 9.1 update 62020-03-18
CVE-2020-7258 [MEDIUM] CWE-79 CVE-2020-7258: Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.
nvd
CVE-2018-6681MEDIUMCVSS 5.4≥ 9.1.7.11, ≤ 9.1.7.112018-07-17
CVE-2018-6681 [MEDIUM] CWE-79 CVE-2018-6681: Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
nvd
CVE-2017-3968CRITICALCVSS 9.1≥ 8, < 8.2.7.42.22018-06-13
CVE-2017-3968 [CRITICAL] CWE-384 CVE-2017-3968: Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.
nvd
CVE-2017-3962CRITICALCVSS 9.8≥ 8, < 8.2.7.42.22018-06-12
CVE-2017-3962 [CRITICAL] CWE-916 CVE-2017-3962: Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism i
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.
nvd
CVE-2017-3960HIGHCVSS 8.8≥ 8, < 8.2.7.42.22018-06-12
CVE-2017-3960 [HIGH] CVE-2017-3960: Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Manageme
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
nvd
CVE-2017-3961MEDIUMCVSS 5.4≥ 8.2.7.42.2, < 8.2.7.42.22018-05-25
CVE-2017-3961 [MEDIUM] CWE-79 CVE-2017-3961: Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
nvd
CVE-2017-3965HIGHCVSS 8.8≥ 8.2, < 8.2.7.42.22018-04-04
CVE-2017-3965 [HIGH] CWE-352 CVE-2017-3965: Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.
nvd
CVE-2017-3966MEDIUMCVSS 6.3≥ 8.2, < 8.2.7.42.22018-04-04
CVE-2017-3966 [MEDIUM] CWE-613 CVE-2017-3966: Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the w
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.
nvd
CVE-2017-3967MEDIUMCVSS 6.1≥ 8.2, < 8.2.7.42.22018-04-04
CVE-2017-3967 [MEDIUM] CWE-94 CVE-2017-3967: Target influence via framing vulnerability in the web interface in McAfee Network Security Managemen
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
nvd
CVE-2017-3964MEDIUMCVSS 5.4≥ 8.2, < 8.2.7.42.22018-04-04
CVE-2017-3964 [MEDIUM] CWE-79 CVE-2017-3964: Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
nvd
CVE-2017-3971MEDIUMCVSS 6.5≥ 8.2, < 8.2.7.42.22018-04-04
CVE-2017-3971 [MEDIUM] CWE-326 CVE-2017-3971: Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
nvd
CVE-2017-3969MEDIUMCVSS 5.9≥ 8.2, < 8.2.7.42.22018-04-04
CVE-2017-3969 [MEDIUM] CWE-417 CVE-2017-3969: Abuse of communication channels vulnerability in the server in McAfee Network Security Management (N
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
nvd
CVE-2017-3972CRITICALCVSS 9.8≥ 8.2, < 8.2.7.42.22018-04-03
CVE-2017-3972 [CRITICAL] CWE-200 CVE-2017-3972: Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Man
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.
nvd