McAfee Data Loss Prevention Endpoint ePO extension XSS Vulnerability

McAfee Data Loss Prevention Endpoint ePO extension XSS Vulnerability

Release date:
Updated on:

Affected Systems:
McAfee Data Loss Prevention Endpoint <= 9.3.400
Description:
CVE (CAN) ID: CVE-2015-2760

McAfee Network Data Loss Prevention can monitor Network traffic to prevent Data Loss.

In versions earlier than McAfee Data Loss Prevention Endpoint (DLPe) 9.3 Patch 4 Hotfix 16 (9.3.416.4), the ePO extension has the cross-site scripting vulnerability, authenticated remote users can exploit this vulnerability to inject arbitrary Web scripts or HTML.

<* Source: Fran & #231; ois-Xavier Stellamans

Link: http://secunia.com/advisories/63783/
Https://kc.mcafee.com/corporate/index? Page = content & id = SB10111
*>

Suggestion:
Vendor patch:

McAfee
------
McAfee has released a Security Bulletin (SB10111) for this purpose and corresponding patches:
SB10111: McAfee Security Bulletin-Data Loss Prevention Endpoint ePO extension update fixes several vulnerabilities: XSS, Denial of Service, Improper Access Control, and Cross-Site Request Forgery
Link: https://kc.mcafee.com/corporate/index? Page = content & id = SB10111

Patch download: http://www.mcafee.com/us/downloads/downloads.aspx

This article permanently updates the link address: