C0Ntexb

Name of the Vulnerable Software and Affected Versions: McAfee IntruShield Security Management System (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The injection can occur via the `thirdMenuName` or `resourceName` parameter to the "SystemEvent.jsp" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: McAfee IntruShield Security Management System (affected versions not specified) Description: The issue allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true. This can be achieved by manipulating specific parameters in certain JSP files, including setting the `fullAccess` or `fullAccessRight` parameter in "reports-column-center.jsp", or the `fullAccess` parameter in "SystemEvent.jsp". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: McAfee IntruShield Security Management System (affected versions not specified) Description: The issue allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack, as the system obtains the user ID from the URL. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.