Knowledge Center

McAfee SNS Notice: Update Resolves Network Security Manager Vulnerability
SNS Emails ID:   SNS1987
Last Modified:  5/14/2019


A vulnerability in McAfee Network Security Manager has been discovered and resolved.
Affected Software
  • Network Security Manager prior to
Remediated/Updated Versions
The vulnerability is remediated in:
  • Network Security Manager and later
CWE-79,CVE-2019-3602 (CVSS: 4.8; Severity: Medium)
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager prior to (9.1 Update 5) allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base article SB10281: McAfee Security Bulletin - Network Security Manager update fixes a Cross-Site Scripting vulnerability (CVE-2019-3602): https://kc.mcafee.com/corporate/index?page=content&id=SB10281.
Also included in Network Security Manager
This release contains infrastructure changes in the Manager database and a newer version of the Linux-based kernel for Manager/Central Manager. It also includes support for dynamic signature set compilation based on priority and fixes for critical issues. The release is available for M-series, NS-series, and virtual IPS platform.

For a full list of changes, see the Release Notes:

This software is available on:

To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

Original Send Date

May 14, 2019

Rate this document


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.