A vulnerability in ePO 5.1.3 has been discovered and resolved.
AFFECTED SOFTWARE: ePO 5.1.3, 5.1.2, 5.1.1 and 5.1.0
REMEDIATED VERSIONS
The vulnerability is remedied in these versions:
• ePolicy Orchestrator 5.1.3 Hotfix 1110787.
• The solution will be included in 5.1.4 (when available).
• The problem never had an impact on ePO 5.3.0 or higher.
• CVE-2017-3902 (CVSS: 4.0; Severity: Medium)
A cross-site scripting (XSS) vulnerability in the web user interface (UI) in ePO 5.1.3, 5.1.2, 5.1.1 and 5.1.0 allows authenticated users to inject malicious JavaScript by bypassing input validation.
Intel Security recommends that all customers verify that they have applied the latest updates. Affected users must install the relevant patches or hotfixes. For complete instructions and information, see the Knowledge Base article SB10184 – Intel Security – Security Bulletin: ePolicy Orchestrator update fixes cross-site scripting vulnerability (CVE-2017-3902) (https://kc.mcafee.com/corporate/index?page=content&id=SB10184)
For more information about the revision, see the release notes for ePO 5.1.3 Hotfix 1110787:
PD26861 – https://kc.mcafee.com/corporate/index?page=content&id=PD26861