CVE-2017-4014
First published: Wed May 17 2017(Updated: )
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Network Data Loss Prevention | <=9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-4014?
CVE-2017-4014 has a medium severity level due to its ability to allow unauthorized user management.
How do I fix CVE-2017-4014?
To fix CVE-2017-4014, update to McAfee Network Data Loss Prevention version 9.3.1 or later.
Who is affected by CVE-2017-4014?
CVE-2017-4014 affects users of McAfee Network Data Loss Prevention versions 9.3.0 and earlier.
What types of attacks can CVE-2017-4014 facilitate?
CVE-2017-4014 can facilitate session hijacking, allowing remote authenticated users to manipulate users within the system.
Is CVE-2017-4014 a client-side or server-side vulnerability?
CVE-2017-4014 is a server-side vulnerability that affects how user management is handled.
- collector/nvd-index
- agent/tags
- agent/event
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/mcafee
- canonical/mcafee network data loss prevention
- version/mcafee network data loss prevention/9.3.0