- ATD 3.6.x and earlier
The vulnerability is remediated in these versions:
- ATD 3.8.0 and later
SQL Injection in ATD Linux 3.6.0 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. The ATD 3.8.0 release resolves this vulnerability. Intel Security highly recommends that all customers upgrade to the latest version of ATD.
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10189, Intel Security - Security Bulletin: Advanced Threat Defense update fixes SQL Injection vulnerability (CVE-2017-3899) (https://kc.mcafee.com/corporate/index?page=content&id=SB10189).