Severity

Medium

Analysis Summary

CVE-2021-4038

McAfee Network Security Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the administrator interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

• Cross-Site Scripting

Affected Vendors

McAfee

Affected Products

• McAfee Network Security Manager 5.1.7.7
• McAfee Network Security Manager 8.1.7.2
• McAfee Network Security Manager 7.5.5.8
• McAfee Network Security Manager 7.1.15.6
• McAfee Network Security Manager 7.1.5.14
• McAfee Network Security Manager 6.1.15.38
• McAfee Network Security Manager (NSM) 9.1.7.74
• McAfee Network Security Manager (NSM) 9.2.7.30
• McAfee Network Security Manager (NSM) 9.1

Remediation

Refer to McAfee Security Advisory for patch, upgrade or suggested workaround information.