Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Multiple vulnerabilities in McAfee ePO 4.6.6
From: Harold_Toomey () McAfee com
Date: Mon, 15 Jul 2013 23:54:47 GMT

McAfee has released a Knowledgebase Article (KB) to address the issues reported by a NATO pen test.  

https://kc.mcafee.com/corporate/index?page=content&id=KB78824

Both SQL Injection vulnerabilities were identified on May 10th, 2013 and patched as specified in SB10043. McAfee's 
internal testing leads us to believe that the ePO systems that NATO penetration tested were not running with the most 
recent and available patches at the time of the test. Namely, the patched agent extension installed for ePO 4.6.6, as 
described in SB10043.

The Reflected Cross-Site Scripting vulnerabilities are low severity.  They will be resolved in ePO 4.6.7, which is 
tentatively scheduled to be released in late Q3 2013.

- Harold

Harold Toomey, CISSP, CISA, CISM, CRISC, CGEIT
Principal Product Security Architect
Product Security Group, McAfee, Inc.
(972) 963-7754 | Direct
(801) 830-9987 | Mobile
Harold_Toomey () McAfee com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]