1. Home
  2. CVE Database
  3. CVE-2017-3907
MEDIUM · 5.4

CVE-2017-3907

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to...

Vulnerability Description

Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
McafeeMcafee Threat Intelligence Exchange2.1.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2017-3907?

CVE-2017-3907 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to...

How severe is CVE-2017-3907?

CVE-2017-3907 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3907?

Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Mcafee Threat Intelligence Exchange.