PT-2017-16177 · Mcafee · Mcafee Network Data Loss Prevention

Published

2017-05-17

Updated

2017-07-08

CVE-2017-4014

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Network Data Loss Prevention (NDLP) versions 9.3.x

Description A session side jacking issue in the server allows remote authenticated users to view, add, and remove users by modifying the HTTP request.

Recommendations For versions 9.3.x, update to a version that includes a fix for this issue to prevent unauthorized modification of user accounts.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2017-4014

Affected Products

Mcafee Network Data Loss Prevention

PT-2017-16177 · Mcafee · Mcafee Network Data Loss Prevention

CVE-2017-4014

Weakness Enumeration

Related Identifiers

Affected Products

References · 4