McAfee Data Loss Prevention Endpoint ePO extension XSS Vulnerability
McAfee Data Loss Prevention Endpoint <= 9.3.400
CVE (CAN) ID: CVE-2015-2760
McAfee Network Data Loss Prevention can monitor Network traffic to prevent Data Loss.
In versions earlier than McAfee Data Loss Prevention Endpoint (DLPe) 9.3 Patch 4 Hotfix 16 (9.3.416.4), the ePO extension has the cross-site scripting vulnerability, authenticated remote users can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Fran & #231; ois-Xavier Stellamans
Https://kc.mcafee.com/corporate/index? Page = content & id = SB10111
McAfee has released a Security Bulletin (SB10111) for this purpose and corresponding patches:
SB10111: McAfee Security Bulletin-Data Loss Prevention Endpoint ePO extension update fixes several vulnerabilities: XSS, Denial of Service, Improper Access Control, and Cross-Site Request Forgery
Link: https://kc.mcafee.com/corporate/index? Page = content & id = SB10111
Patch download: http://www.mcafee.com/us/downloads/downloads.aspx
This article permanently updates the link address: