Privilege Escalation Vulnerability in McAfee Network Data Loss Prevention
CVE-2017-4012

6.5MEDIUM

Key Information:

Vendor: Mcafee
Status: Network Data Loss Prevention (ndlp)
Vendor: CVE Published:; 17 May 2017

Summary

In McAfee Network Data Loss Prevention (NDLP) version 9.3.x, a vulnerability exists that allows remote authenticated users to escalate their privileges. By manipulating HTTP requests, these users can gain unauthorized access to sensitive information, posing a significant privacy risk for organizations relying on this data protection solution. This flaw underscores the importance of maintaining up-to-date security measures and constant vigilance within network environments.

Affected Version(s)

Network Data Loss Prevention (NDLP) 9.3.x

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1038523

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2017
Vulnerability Reserved
Dec 26, 2016