Vulnerabilities > Mcafee > Network Security Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2017-3966 | Insufficient Session Expiration vulnerability in Mcafee Network Security Manager Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. | 6.3 |
| 2018-04-04 | CVE-2017-3964 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. | 5.4 |
| 2014-08-29 | CVE-2014-2390 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Manager Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors. | 6.8 |