Patches Resolve ePO 5.1.3 Vulnerability

(1/17/2017)

Hello friends,
A vulnerability in ePO 5.1.3 has been discovered and resolved.

AFFECTED SOFTWARE: 5.1.3.188

REMEDIATED/PATCHED VERSIONS

The vulnerability is remediated in these versions:
• ePolicy Orchestrator 5.1.3 Hotfix 1110787.
• Fix will be included in 5.1.4 (when available).
• Issue never impacted ePO 5.3.0 or higher

IMPACT
• CVE-2017-3902 (CVSS: 4.0; Severity: Medium)
A cross-site scripting (XSS) vulnerability in the Web user interface (UI) in ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10184 – Intel Security – Security Bulletin: ePolicy Orchestrator update fixes cross-site scripting vulnerability (CVE-2017-3902) (https://kc.mcafee.com/corporate/index?page=content&id=SB10184)

For more information on the hotfix see the ePO 5.1.3 Hotfix 1110787 Release Notes:
PD26861 – https://kc.mcafee.com/corporate/index?page=content&id=PD26861

Leave a Reply

Your email address will not be published. Required fields are marked *