Loading...

知识中心


McAfee SNS Notice: Update Resolves Network Security Manager Vulnerability
SNS_EMAILS ID:   SNS1987
上次修改时间:  5/14/2019

SNS_BODY

A vulnerability in McAfee Network Security Manager has been discovered and resolved.
 
Affected Software
  • Network Security Manager prior to 9.1.7.77
Remediated/Updated Versions
The vulnerability is remediated in:
  • Network Security Manager 9.1.7.77 and later
Impact
CWE-79,CVE-2019-3602 (CVSS: 4.8; Severity: Medium)
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager prior to 9.1.7.77 (9.1 Update 5) allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

Recommendation
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base article SB10281: McAfee Security Bulletin - Network Security Manager update fixes a Cross-Site Scripting vulnerability (CVE-2019-3602): https://kc.mcafee.com/corporate/index?page=content&id=SB10281.
 
Also included in Network Security Manager 9.1.7.77
This release contains infrastructure changes in the Manager database and a newer version of the Linux-based kernel for Manager/Central Manager. It also includes support for dynamic signature set compilation based on priority and fixes for critical issues. The release is available for M-series, NS-series, and virtual IPS platform.

For a full list of changes, see the Release Notes:

This software is available on:

To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

SNS_ORIGINAL_SEND_DATE

May 14, 2019

Beta Translate with

Select a desired language below to translate this page.

语言:

此文章有以下语言版本:

English United States
Japanese

技术术语词汇表


 突出显示词汇表术语

请花点时间浏览一下我们的技术术语词汇表