A critical vulnerability in ePolicy Orchestrator (ePO) 5.X has been discovered and resolved.
AFFECTED SOFTWARE
- ePO 5.1.3 and earlier
- ePO 5.3.2 and earlier
The vulnerability is remediated in these versions:
- ePO 5.1.3 Hotfix 1167014
- ePO 5.3.1 Hotfix 1179709
- ePO 5.3.2 Hotfix 1167013
CVE-2016-8027 (CVSS: 10.0; Severity: Critical): A specially crafted HTTP POST can allow an attacker to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication.
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10187, "Intel Security - Security Bulletin: ePO update fixes SQL Injection vulnerability" (https://kc.mcafee.com/corporate/index?page=content&id=SB10187).