CVE-2017-3907 MEDIUM

CVE-2017-3907: McAfee Threat Intelligence Exchange (TIE) Server - Code Injection vulnerability

Vendor Mcafee
Product Threat Intelligence Exchange (TIE) Server
Published June 13, 2018
Last update August 5, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

What the vulnerability does

01Description

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.

Key dates

02Disclosure timeline

June 13, 2018 CVE published
August 5, 2024 Record updated