McAfee Data Loss Prevention Endpoint ePO extension XSS Vulnerability
Release date:
Updated on:
Affected Systems:
McAfee Data Loss Prevention Endpoint <= 9.3.400
Description:
CVE (CAN) ID: CVE-2015-2760
McAfee Network Data Loss Prevention can monitor Network traffic to prevent Data Loss.
In versions earlier than McAfee Data Loss Prevention Endpoint (DLPe) 9.3 Patch 4 Hotfix 16 (9.3.416.4), the ePO extension has the cross-site scripting vulnerability, authenticated remote users can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Fran & #231; ois-Xavier Stellamans
Link: http://secunia.com/advisories/63783/
Https://kc.mcafee.com/corporate/index? Page = content & id = SB10111
*>
Suggestion:
Vendor patch:
McAfee
------
McAfee has released a Security Bulletin (SB10111) for this purpose and corresponding patches:
SB10111: McAfee Security Bulletin-Data Loss Prevention Endpoint ePO extension update fixes several vulnerabilities: XSS, Denial of Service, Improper Access Control, and Cross-Site Request Forgery
Link: https://kc.mcafee.com/corporate/index? Page = content & id = SB10111
Patch download: http://www.mcafee.com/us/downloads/downloads.aspx
This article permanently updates the link address: