CVE-2017-3907: Code Injection
First published: Wed Jun 13 2018(Updated: )
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Threat Intelligence Exchange | =2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-3907?
CVE-2017-3907 is classified as a medium severity vulnerability.
How do I fix CVE-2017-3907?
To remediate CVE-2017-3907, update McAfee Threat Intelligence Exchange to a version later than 2.1.0.
What products are affected by CVE-2017-3907?
CVE-2017-3907 affects McAfee Threat Intelligence Exchange version 2.1.0 and earlier.
What type of vulnerability is CVE-2017-3907?
CVE-2017-3907 is a code injection vulnerability.
Can CVE-2017-3907 allow remote code execution?
Yes, CVE-2017-3907 allows remote attackers to execute arbitrary HTML code on the affected system.
- agent/author
- agent/type
- agent/description
- agent/severity
- agent/tags
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- vendor/mcafee
- canonical/mcafee threat intelligence exchange
- version/mcafee threat intelligence exchange/2.1.0