Search criteria
4 vulnerabilities found for McAfee Network Security Manager (NSM) by McAfee LLC
CVE-2019-3606 (GCVE-0-2019-3606)
Vulnerability from cvelistv5 – Published: 2019-03-26 17:23 – Updated: 2024-08-04 19:12
VLAI?
Title
Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
Summary
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
Severity ?
7.7 (High)
CWE
- Data Leakage Attacks vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee LLC | McAfee Network Security Manager (NSM) |
Affected:
9.1 , < 9.1.7.75 (91.update 4)
(custom)
Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
},
{
"name": "107613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Network Security Manager (NSM)",
"vendor": "McAfee LLC",
"versions": [
{
"lessThan": "9.1.7.75 (91.update 4)",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.2.7.31 (9.2 Update 2)",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T07:06:06",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
},
{
"name": "107613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107613"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3606",
"STATE": "PUBLIC",
"TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Network Security Manager (NSM)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1.7.75 (91.update 4)"
},
{
"version_affected": "\u003c",
"version_name": "9.2",
"version_value": "9.2.7.31 (9.2 Update 2)"
}
]
}
}
]
},
"vendor_name": "McAfee LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
},
{
"name": "107613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107613"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3606",
"datePublished": "2019-03-26T17:23:48",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3597 (GCVE-0-2019-3597)
Vulnerability from cvelistv5 – Published: 2019-03-26 17:21 – Updated: 2024-08-04 19:12
VLAI?
Title
Authentication bypass in McAfee Network Security Manager 9.x
Summary
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
Severity ?
6.5 (Medium)
CWE
- Authentication Bypass vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee LLC | McAfee Network Security Manager (NSM) |
Affected:
9.1 , < 9.1.7.75.2
(custom)
Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
},
{
"name": "107609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Network Security Manager (NSM)",
"vendor": "McAfee LLC",
"versions": [
{
"lessThan": "9.1.7.75.2",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.2.7.31 (9.2 Update 2)",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T12:06:05",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
},
{
"name": "107609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107609"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication bypass in McAfee Network Security Manager 9.x",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3597",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in McAfee Network Security Manager 9.x"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Network Security Manager (NSM)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1.7.75.2"
},
{
"version_affected": "\u003c",
"version_name": "9.2",
"version_value": "9.2.7.31 (9.2 Update 2)"
}
]
}
}
]
},
"vendor_name": "McAfee LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
},
{
"name": "107609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107609"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3597",
"datePublished": "2019-03-26T17:21:31",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3606 (GCVE-0-2019-3606)
Vulnerability from nvd – Published: 2019-03-26 17:23 – Updated: 2024-08-04 19:12
VLAI?
Title
Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
Summary
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
Severity ?
7.7 (High)
CWE
- Data Leakage Attacks vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee LLC | McAfee Network Security Manager (NSM) |
Affected:
9.1 , < 9.1.7.75 (91.update 4)
(custom)
Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
},
{
"name": "107613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Network Security Manager (NSM)",
"vendor": "McAfee LLC",
"versions": [
{
"lessThan": "9.1.7.75 (91.update 4)",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.2.7.31 (9.2 Update 2)",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Leakage Attacks vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T07:06:06",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
},
{
"name": "107613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107613"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3606",
"STATE": "PUBLIC",
"TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Network Security Manager (NSM)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1.7.75 (91.update 4)"
},
{
"version_affected": "\u003c",
"version_name": "9.2",
"version_value": "9.2.7.31 (9.2 Update 2)"
}
]
}
}
]
},
"vendor_name": "McAfee LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Leakage Attacks vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
},
{
"name": "107613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107613"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3606",
"datePublished": "2019-03-26T17:23:48",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3597 (GCVE-0-2019-3597)
Vulnerability from nvd – Published: 2019-03-26 17:21 – Updated: 2024-08-04 19:12
VLAI?
Title
Authentication bypass in McAfee Network Security Manager 9.x
Summary
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
Severity ?
6.5 (Medium)
CWE
- Authentication Bypass vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee LLC | McAfee Network Security Manager (NSM) |
Affected:
9.1 , < 9.1.7.75.2
(custom)
Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
},
{
"name": "107609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Network Security Manager (NSM)",
"vendor": "McAfee LLC",
"versions": [
{
"lessThan": "9.1.7.75.2",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.2.7.31 (9.2 Update 2)",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T12:06:05",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
},
{
"name": "107609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107609"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication bypass in McAfee Network Security Manager 9.x",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3597",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in McAfee Network Security Manager 9.x"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Network Security Manager (NSM)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1.7.75.2"
},
{
"version_affected": "\u003c",
"version_name": "9.2",
"version_value": "9.2.7.31 (9.2 Update 2)"
}
]
}
}
]
},
"vendor_name": "McAfee LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
},
{
"name": "107609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107609"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3597",
"datePublished": "2019-03-26T17:21:31",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}