A vulnerability in ePO 5.1.3 has been discovered and resolved.

AFFECTED SOFTWARE: 5.1.3.188

REMEDIATED / REMITTED VERSIONS
The vulnerability is remedied in these versions:
• ePolicy Orchestrator 5.1.3 Hotfix 1110787.
• The solution will be included in 5.1.4 (when available).
• The problem never had an impact on ePO 5.3.0 or higher

IMPACT
• CVE-2017-3902 (CVSS: 4.0; Gravity: Medium)
A cross-site scripting vulnerability (XSS) in the web user interface (UI) in ePO 5.1.3, 5.1.2, 5.1.1 and 5.1.0 allows authenticated users to inject malicious Java scripts by preventing inbound validation.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Affected users must install the relevant patches or patches. For complete instructions and information, see the Knowledge Base article SB10184 – Intel Security – Security Bulletin: ePolicy Orchestrator update fixes cross-site scripting vulnerability (CVE-2017-3902) (https://kc.mcafee.com / corporate / index? page) = content & id = SB10184)

For more information about the revision, see the release notes for ePO 5.1.3 Hotfix 1110787:
PD26861 – https://kc.mcafee.com/corporate/index?page=content&id=PD26861

www.mcafee.com/activate

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *