CVE-2017-4014

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.

Published: May 17, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-4014
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-384

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
mcafee / network_data_loss_prevention	-	9.3.0.x

http://www.securitytracker.com/id/1038523
https://kc.mcafee.com/corporate/index?page=content&id=SB10198

Vulnerability Database

289,599

CVE-2017-4014