Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0041 McAfee Vulnerability Manager Hotfixes available to address cross-site scripting vulnerability 19 March 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Vulnerability Manager Operating System: Windows Server 2003 Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade Member content until: Thursday, April 18 2013 OVERVIEW A vulnerability has been identified in McAfee Vulnerability Manager versions 7.5.1 and 7.5.0. [1] IMPACT The vendor has provided the following information about the vulnerability: "McAfee Vulnerability Manager (MVM) 7.5.0 and 7.5.1 are vulnerable to a cross-site scripting vulnerability. An attacker could leverage this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site." [1] MITIGATION The vendor recommends applying the latest hotfix for your affected version. [1] REFERENCES [1] McAfee Vulnerability Manager Hotfixes available to address cross-site scripting vulnerability https://kc.mcafee.com/corporate/index?page=content&id=KB77772 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUUfNae4yVqjM2NGpAQJcIxAAl07WpEboZ5ZIeNz6bwxILNvslCOoZ0Bn JwA9gqDgfWzh7gSZ+q1PCOrAU/Qai0oUaCMcxMuNG1QC7MXnZF0trYIO+SvnwnX4 BH0j6LOF9RziMDJBpfSdGzt8uj7+bG4xntm+kmnFCHtHvRFDriBDPirmcZ+qNVgg 2Ea63pdq4iKsB2KEgfm+7nm3q5WDdTeN5lCKiGbPrZQLlnryYtRjcAw8li7LpyPt CXx7U8rLuMKOXtrMgZ6ixB/sVZtaV4OMm/sn0si01jqeAWSXdVF1RXnU3SKI+zr7 qoA26+SQ7emBx3xJLxJgDbJUoCjI9xhVv7IDMqLMKoVhNHcobjlx7c7mnsenseeZ ugon7AzZnD8OCLXI6ffYodMZFzj7PEkVOmD0TAxunku4I0ewj6KRKzfMZ/e63iGB rCi8UCS3hBrBc+MkNt2pn4EDoShqxMQRm120fwjbtuQRx05ACW0lC0lP/PlbG3Nk AUvVDEEe5mvym7WpNmCe6cDor8goGkfOGV9zih3OY2vTvVPlUtSA49KEh74hX2t0 5IKqnHEIvdyiLIXy3c8K6wz07oMI1UwmgC4f3RSUoeL8pRTAtJv0vm9pbIciszXN +l+sY2UxVSBlOQ5b+giKIYVqaLcRSxgJ5x/D9jvbaZO/JCdVeeWNQ9ZodVlHI9RZ 4RXKV3tD1Nw= =AyDs -----END PGP SIGNATURE-----