CVE-2018-6681: SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability
First published: Tue Jul 17 2018(Updated: )
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Network Security Manager | <=9.1.7.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-6681?
CVE-2018-6681 is an Abuse of Functionality vulnerability in the web interface of McAfee Network Security Management (NSM) 9.1.7.11 and earlier.
How does CVE-2018-6681 affect McAfee Network Security Manager?
CVE-2018-6681 allows authenticated users to inject arbitrary HTML code into the response web page through the appliance web interface.
What is the severity of CVE-2018-6681?
CVE-2018-6681 has a severity rating of medium with a CVSS score of 5.4.
How can I fix CVE-2018-6681 in McAfee Network Security Manager?
To fix CVE-2018-6681, users should update McAfee Network Security Manager to version 9.1.7.12 or later.
What is the Common Weakness Enumeration (CWE) for CVE-2018-6681?
The Common Weakness Enumeration (CWE) for CVE-2018-6681 is CWE-79, which corresponds to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/mcafee
- canonical/mcafee network security manager
- version/mcafee network security manager/9.1.7.11