{"api_version":"1","generated_at":"2026-07-17T03:19:03+00:00","cve":"CVE-2017-4014","urls":{"html":"https://cve.report/CVE-2017-4014","api":"https://cve.report/api/cve/CVE-2017-4014.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-4014","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-4014"},"summary":{"title":"CVE-2017-4014","description":"Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.","state":"PUBLISHED","assigner":"intel","published_at":"2017-05-17 21:29:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-384","Session Side jacking vulnerability"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"8","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6","severity":"","vector":"AV:N/AC:M/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securitytracker.com/id/1038523","name":"http://www.securitytracker.com/id/1038523","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"McAfee Network Data Loss Prevention Multiple Bugs Let Remote Users Conduct Session Hijacking and Cross-Site Scripting Attacks and Obtain Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10198","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10198","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"McAfee Security Bulletin - Network Data Loss Prevention update fixes eleven vulnerabilities (CVE-2017-3933, CVE-2017-3934, CVE-2017-3935, CVE-2017-3968, CVE-2017-4011, CVE-2017-4012, CVE-2017-4013, CVE-2017-4014, CVE-2017-4015, CVE-2017-4016, and CVE-2017-4017)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-4014","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-4014","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"McAfee","product":"Network Data Loss Prevention (NDLP)","version":"affected 9.3.x","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"4014","vulnerable":"1","versionEndIncluding":"9.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"network_data_loss_prevention","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T14:39:41.150Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10198"},{"name":"1038523","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1038523"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Network Data Loss Prevention (NDLP)","vendor":"McAfee","versions":[{"status":"affected","version":"9.3.x"}]}],"datePublic":"2017-05-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request."}],"problemTypes":[{"descriptions":[{"description":"Session Side jacking vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-07T09:57:01.000Z","orgId":"6dda929c-bb53-4a77-a76d-48e79601a1ce","shortName":"intel"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10198"},{"name":"1038523","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1038523"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@intel.com","ID":"CVE-2017-4014","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Network Data Loss Prevention (NDLP)","version":{"version_data":[{"version_value":"9.3.x"}]}}]},"vendor_name":"McAfee"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Session Side jacking vulnerability"}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10198","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10198"},{"name":"1038523","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038523"}]}}}},"cveMetadata":{"assignerOrgId":"6dda929c-bb53-4a77-a76d-48e79601a1ce","assignerShortName":"intel","cveId":"CVE-2017-4014","datePublished":"2017-05-17T21:00:00.000Z","dateReserved":"2016-12-26T00:00:00.000Z","dateUpdated":"2024-08-05T14:39:41.150Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-05-17 21:29:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-384","Session Side jacking vulnerability"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*","versionEndIncluding":"9.3.0","matchCriteriaId":"DABB617F-203F-4074-82D2-B975C15221F3"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"4014","Ordinal":"1","Title":"CVE-2017-4014","CVE":"CVE-2017-4014","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"4014","Ordinal":"1","NoteData":"Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.","Type":"Description","Title":"CVE-2017-4014"},{"CveYear":"2017","CveId":"4014","Ordinal":"2","NoteData":"2017-05-17","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"4014","Ordinal":"3","NoteData":"2017-07-07","Type":"Other","Title":"Modified"}]}}}