{"containers":{"cna":{"affected":[{"platforms":["x86"],"product":"McAfee Application Control and Change Control (MACC)","vendor":"McAfee","versions":[{"status":"affected","version":"7.0.1"}]},{"product":"McAfee Application Control and Change Control (MACC)","vendor":"McAfee","versions":[{"status":"affected","version":"6.2.0"}]}],"credits":[{"lang":"en","value":"McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."}],"datePublic":"2018-02-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-274","description":"Privilege Escalation (CWE-274)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2018-09-19T09:57:01.000Z","orgId":"01626437-bf8f-4d1c-912a-893b5eb04808","shortName":"trellix"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10224"},{"name":"102988","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/102988"}],"source":{"advisory":"SB10224","discovery":"EXTERNAL"},"title":"McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","ID":"CVE-2017-3912","STATE":"PUBLIC","TITLE":"McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"McAfee Application Control and Change Control (MACC)","version":{"version_data":[{"affected":"=","platform":"x86","version_affected":"=","version_name":"7.0.1","version_value":"7.0.1"},{"affected":"=","version_affected":"=","version_name":"6.2.0","version_value":"6.2.0"}]}}]},"vendor_name":"McAfee"}]}},"credit":[{"lang":"eng","value":"McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Privilege Escalation (CWE-274)"}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10224","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10224"},{"name":"102988","refsource":"BID","url":"http://www.securityfocus.com/bid/102988"}]},"source":{"advisory":"SB10224","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T14:39:41.145Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10224"},{"name":"102988","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/102988"}]}]},"cveMetadata":{"assignerOrgId":"01626437-bf8f-4d1c-912a-893b5eb04808","assignerShortName":"trellix","cveId":"CVE-2017-3912","datePublished":"2018-09-18T22:00:00.000Z","dateReserved":"2016-12-26T00:00:00.000Z","dateUpdated":"2024-08-05T14:39:41.145Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}