Re: Multiple vulnerabilities in McAfee ePO 4.6.6
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: Multiple vulnerabilities in McAfee ePO 4.6.6
- From: Harold_Toomey@xxxxxxxxxx
- Date: Mon, 15 Jul 2013 23:54:47 GMT
McAfee has released a Knowledgebase Article (KB) to address the issues reported
by a NATO pen test.
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
Both SQL Injection vulnerabilities were identified on May 10th, 2013 and
patched as specified in SB10043. McAfee's internal testing leads us to believe
that the ePO systems that NATO penetration tested were not running with the
most recent and available patches at the time of the test. Namely, the patched
agent extension installed for ePO 4.6.6, as described in SB10043.
The Reflected Cross-Site Scripting vulnerabilities are low severity. They will
be resolved in ePO 4.6.7, which is tentatively scheduled to be released in late
Q3 2013.
- Harold
Harold Toomey, CISSP, CISA, CISM, CRISC, CGEIT
Principal Product Security Architect
Product Security Group, McAfee, Inc.
(972) 963-7754 | Direct
(801) 830-9987 | Mobile
Harold_Toomey@xxxxxxxxxx