Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-71


McAfee Network Data Loss Prevention Multiple Vulnerabilities
Severity Rating: High
Systems Affected:
  • McAfee DLP Manager
  • McAfee DLP Monitor
  • McAfee DLP iPrevent
  • McAfee DLP iDiscover
Description
Multiple vulnerabilities have been identified in McAfee Network Data Loss Prevention. Remote attackers can exploit them to gain elevated privileges, conduct clickjacking attacks, gain knowledge of sensitive information, conduct cross-site scripting attacks and determine valid usernames on vulnerable systems. The vulnerabilities reported are as follows:
 
  • A vulnerability exists because the software does not properly filter HTML code from user-supplied input in HTTP headers before displaying the input. This vulnerability can allow a remote attacker to cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the McAfee Network Data Loss Prevention interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

  • A vulnerability exists that can allow a remote user to send a specially crafted request to view potentially sensitive product information from the target system.

  • A vulnerability exists that can allow a remote user to send a specially crafted HTTP request to view confidential information on the target system.

  • A vulnerability exists that can allow a remote user to hijack a target user's mouse clicks to take actions on the site acting as the target user.

  • A vulnerability exists that can allow a remote user to conduct session-side hijacking attacks to view, add, or remove users on the target system.

  • A vulnerability exists that can allow a remote user to send a specially crafted request to view web server methods.

  • A vulnerability exists that can allow a remote user to exploit a flaw in the web interface to obtain potentially sensitive user information on the target system.
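The first and fourth items above (HTTP header values displayed without filtering, and hijacked mouse clicks) correspond to two standard web-interface defences, shown here as an added example that is not McAfee's code and not part of the original advisory. The function names, the `session` cookie name and the sample headers are hypothetical and constructed for illustration.

```python
import html

# Constructed sample request: header values are untrusted input.
SAMPLE_HEADERS = {
    "User-Agent": "<script>alert(1)</script>",
    "Referer": 'https://intranet.example/"><img src=x onerror=alert(1)>',
}


def render_unsafe(headers):
    """'Before': header values are placed into the page unfiltered."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in headers.items())
    return f"<table>{rows}</table>"


def render_safe(headers):
    """'After': names and values are HTML-escaped at output time."""
    rows = "".join(
        f"<tr><td>{html.escape(k, quote=True)}</td>"
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in headers.items()
    )
    return f"<table>{rows}</table>"


# Response headers that refuse framing (clickjacking) and restrict script sources.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}


def session_cookie(value):
    """HttpOnly keeps the authentication cookie out of reach of page scripts."""
    return f"session={value}; Secure; HttpOnly; SameSite=Strict; Path=/"


def build_response(headers, session_id):
    """Return (response headers, body) for a page that displays request headers."""
    resp_headers = dict(SECURITY_HEADERS)
    resp_headers["Content-Type"] = "text/html; charset=utf-8"
    resp_headers["Set-Cookie"] = session_cookie(session_id)
    return resp_headers, render_safe(headers)
```
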
 
Solution
Users are advised to apply updates.
More information is available on:
 
 
CVE Information
 
Vendor Information
McAfee
 
References
Security Tracker
 
McAfee
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis