McAfee SNS Notice: Updates Resolve McAfee Network Security Manager Vulnerabilities
SNS Emails ID: SNS1905
Last Modified: 3/21/2019


Three vulnerabilities in McAfee Network Security Manager (NSM) have been discovered and resolved.

Affected Software

  • 9.1: All NSM software prior to
  • 9.2: All NSM software prior to

Remediated/Updated Versions
The vulnerabilities are remediated in these versions:



  • CWE-79 (CVSS: 6.5; Severity: Medium)
    The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
  • CWE-118, CVE-2019-3606 (CVSS: 7.7; Severity: High)
    Data Leakage Attacks vulnerability in the web portal component when in a Manager Disaster Recovery (MDR) pair in McAfee Network Security Management (NSM) 9.x allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.
  • CWE-592, CVE-2019-3597 (CVSS: 6.5; Severity: Medium)
    Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.x allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.  

McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base articles:

Also included in these releases
For a full list of changes, see the Release Notes:

To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

Original Send Date

March 21, 2019
