

Rewterz Threat Alert – Squirrelwaffle Exploits ProxyLogon and ProxyShell Infect Systems
November 24, 2021
Rewterz Threat Advisory – Multiple VMware vCenter Server Vulnerabilities
November 24, 2021
Severity
High
Analysis Summary
CVE-2021-31852
McAfee Policy Auditor is vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the UID request parameter in a specially crafted URL; once the victim clicks the URL, script executes in the victim’s web browser within the security context of the hosting web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-31851
McAfee Policy Auditor is vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the profileNodeID request parameter in a specially crafted URL; once the victim clicks the URL, script executes in the victim’s web browser within the security context of the hosting web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Cross-Site Scripting
Affected Vendors
McAfee
Affected Products
- McAfee Policy Auditor 5.3.0
- McAfee Policy Auditor 5.3.0.167
Remediation
Refer to McAfee Security Advisory for patch, upgrade, or suggested workaround information.
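Until the patch is applied, web server access logs can be checked for requests that carry markup in the two parameters named in the Analysis Summary. The following is an added example, not part of the original advisory or the vendor's guidance: it flags UID and profileNodeID values containing markup characters, including percent-encoded and double-encoded forms. The request paths, addresses and log lines are constructed, and it assumes combined-format access logs and that legitimate values of these parameters are plain identifiers.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory (CVE-2021-31852, CVE-2021-31851).
WATCHED = {"uid", "profilenodeid"}
# Assumption: identifier-style values never need these characters, which are
# what a script needs to break out of HTML or attribute context.
MARKUP = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl already decoded one layer
        if name.lower() in WATCHED and MARKUP.search(value):
            hits.append((name, value))
    return hits

# Constructed sample log lines; the path /example/page.do is hypothetical.
SAMPLE = [
    '192.0.2.10 - - [24/Nov/2021:10:01:02 +0000] "GET /example/page.do?UID=1042 HTTP/1.1" 200 512',
    '192.0.2.11 - - [24/Nov/2021:10:01:09 +0000] "GET /example/page.do?UID=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [24/Nov/2021:10:02:41 +0000] "GET /example/node.do?profileNodeID=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 498',
    '192.0.2.13 - - [24/Nov/2021:10:03:00 +0000] "GET /example/search.do?q=%3Cb%3E HTTP/1.1" 200 301',
]

if __name__ == "__main__":
    for line in SAMPLE:
        for name, value in suspicious_params(line):
            print(f"{line.split()[0]} {name}={value!r}")
```

A hit shows that a crafted URL was requested, not that script ran in a browser; the source address is the client that followed the link.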