One vulnerability in Data Loss Prevention Endpoint has been discovered and resolved.
AFFECTED SOFTWARE
The vulnerability is remediated in these versions:
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10202, McAfee Security Bulletin: DLP ePO extension update fixes CROSS SITE SCRIPTING (XSS) vulnerability (https://kc.mcafee.com/corporate/index?page=content&id=SB10202
AFFECTED SOFTWARE
- Data Loss Prevention Endpoint Extension 10.0.x
The vulnerability is remediated in these versions:
- Data Loss Prevention Extension 11.0.x and newer.
- CVE-2017-3948 (CVSS 4.6 / 4.2 Severity:Medium) Multiple Stored Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user’s browsing session.
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10202, McAfee Security Bulletin: DLP ePO extension update fixes CROSS SITE SCRIPTING (XSS) vulnerability (https://kc.mcafee.com/corporate/index?page=content&id=SB10202