Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for McAfee Network Security Manager (NSM) by McAfee LLC

    CVE-2019-3606 (GCVE-0-2019-3606)

    Vulnerability from nvd – Published: 2019-03-26 17:23 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
    Summary
    Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
    CWE
    • Data Leakage Attacks vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75 (91.update 4) (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
              },
              {
                "name": "107613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107613"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75 (91.update 4)",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Leakage Attacks vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-29T07:06:06.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
            },
            {
              "name": "107613",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107613"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3606",
              "STATE": "PUBLIC",
              "TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75 (91.update 4)"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Leakage Attacks vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
                },
                {
                  "name": "107613",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107613"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3606",
        "datePublished": "2019-03-26T17:23:48.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3597 (GCVE-0-2019-3597)

    Vulnerability from nvd – Published: 2019-03-26 17:21 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Authentication bypass in McAfee Network Security Manager 9.x
    Summary
    Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
    CWE
    • Authentication Bypass vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75.2 (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
              },
              {
                "name": "107609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107609"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75.2",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-28T12:06:05.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
            },
            {
              "name": "107609",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107609"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authentication bypass in McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3597",
              "STATE": "PUBLIC",
              "TITLE": "Authentication bypass in McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
                },
                {
                  "name": "107609",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107609"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3597",
        "datePublished": "2019-03-26T17:21:31.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3606 (GCVE-0-2019-3606)

    Vulnerability from cvelistv5 – Published: 2019-03-26 17:23 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
    Summary
    Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
    CWE
    • Data Leakage Attacks vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75 (91.update 4) (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
              },
              {
                "name": "107613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107613"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75 (91.update 4)",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Leakage Attacks vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-29T07:06:06.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
            },
            {
              "name": "107613",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107613"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3606",
              "STATE": "PUBLIC",
              "TITLE": "Data leakage when in an MDR pair by McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75 (91.update 4)"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 \u003c 9.1.7.75 (Update 4) and 9.2 \u003c 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Leakage Attacks vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10274"
                },
                {
                  "name": "107613",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107613"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3606",
        "datePublished": "2019-03-26T17:23:48.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3597 (GCVE-0-2019-3597)

    Vulnerability from cvelistv5 – Published: 2019-03-26 17:21 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Authentication bypass in McAfee Network Security Manager 9.x
    Summary
    Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
    CWE
    • Authentication Bypass vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee LLC McAfee Network Security Manager (NSM) Affected: 9.1 , < 9.1.7.75.2 (custom)
    Affected: 9.2 , < 9.2.7.31 (9.2 Update 2) (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
              },
              {
                "name": "107609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107609"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Network Security Manager (NSM)",
              "vendor": "McAfee LLC",
              "versions": [
                {
                  "lessThan": "9.1.7.75.2",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.2.7.31 (9.2 Update 2)",
                  "status": "affected",
                  "version": "9.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-28T12:06:05.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
            },
            {
              "name": "107609",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107609"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authentication bypass in McAfee Network Security Manager 9.x",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3597",
              "STATE": "PUBLIC",
              "TITLE": "Authentication bypass in McAfee Network Security Manager 9.x"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Network Security Manager (NSM)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.1",
                                "version_value": "9.1.7.75.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.2",
                                "version_value": "9.2.7.31 (9.2 Update 2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 \u003c 9.1.7.75.2 and 9.2 \u003c 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10275"
                },
                {
                  "name": "107609",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107609"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3597",
        "datePublished": "2019-03-26T17:21:31.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }