Loading...

Knowledge Center


McAfee SNS Notice: Update Resolves Network Security Manager Vulnerability
SNS Emails ID:   SNS1987
Last Modified:  5/14/2019

Body

A vulnerability in McAfee Network Security Manager has been discovered and resolved.
 
Affected Software
  • Network Security Manager prior to 9.1.7.77
Remediated/Updated Versions
The vulnerability is remediated in:
  • Network Security Manager 9.1.7.77 and later
Impact
CWE-79,CVE-2019-3602 (CVSS: 4.8; Severity: Medium)
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager prior to 9.1.7.77 (9.1 Update 5) allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

Recommendation
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base article SB10281: McAfee Security Bulletin - Network Security Manager update fixes a Cross-Site Scripting vulnerability (CVE-2019-3602): https://kc.mcafee.com/corporate/index?page=content&id=SB10281.
 
Also included in Network Security Manager 9.1.7.77
This release contains infrastructure changes in the Manager database and a newer version of the Linux-based kernel for Manager/Central Manager. It also includes support for dynamic signature set compilation based on priority and fixes for critical issues. The release is available for M-series, NS-series, and virtual IPS platform.

For a full list of changes, see the Release Notes:

This software is available on:

To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

Original Send Date

May 14, 2019

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.