CVE-2017-3961 - Vulnerability Details - OpenCVE

Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00338.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Network Security Manager

Configuration 1 [-]

cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2017-13078	Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kc.mcafee.com/corporate/index?page=content&id=SB10192

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2018-05-25T13:00:00Z

Updated: 2024-09-16T23:15:49.235Z

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-3961

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-25T13:29:00.210

Modified: 2024-11-21T03:26:22.530

Link: CVE-2017-3961

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"platforms": ["x86"], "product": "Network Security Management (NSM)", "vendor": "McAfee", "versions": [{"lessThan": "8.2.7.42.2", "status": "affected", "version": "8.2.7.42.2", "versionType": "custom"}]}], "datePublic": "2017-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting (XSS) vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-25T12:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"}], "source": {"advisory": "SB10192", "discovery": "INTERNAL"}, "title": "SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2017-03-29T17:00:00.000Z", "ID": "CVE-2017-3961", "STATE": "PUBLIC", "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Network Security Management (NSM)", "version": {"version_data": [{"affected": "<", "platform": "x86", "version_affected": "<", "version_name": "8.2.7.42.2", "version_value": "8.2.7.42.2"}]}}]}, "vendor_name": "McAfee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting (XSS) vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"}]}, "source": {"advisory": "SB10192", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.300Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2017-3961", "datePublished": "2018-05-25T13:00:00Z", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-09-16T23:15:49.235Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BAB1F42-EE61-4A4E-BFAA-550B220CA0EB", "versionEndExcluding": "8.2.7.42.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz web en McAfee Network Security Management (NSM) en versiones anteriores a la 8.2.7.42.2 permite que usuarios autenticados puedan reflejar c\u00f3digo HTML arbitrario en la p\u00e1gina web de respuesta mediante entradas de atributos de usuarios que hayan sido manipuladas."}], "id": "CVE-2017-3961", "lastModified": "2024-11-21T03:26:22.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-25T13:29:00.210", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}