Operating System: [Win]

Published: 19 March 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0041
        McAfee Vulnerability Manager Hotfixes available to address
                    cross-site scripting vulnerability
                               19 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Vulnerability Manager
Operating System:     Windows Server 2003
Impact/Access:        Cross-site Scripting -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Thursday, April 18 2013

OVERVIEW

        A vulnerability has been identified in McAfee Vulnerability Manager 
        versions 7.5.1 and 7.5.0. [1]


IMPACT

        The vendor has provided the following information about the
        vulnerability:
        
        "McAfee Vulnerability Manager (MVM) 7.5.0 and 7.5.1 are vulnerable to
        a cross-site scripting vulnerability. An attacker could leverage this
        vulnerability to execute arbitrary script code in the browser of an
        unsuspecting user in the context of the affected site." [1]


MITIGATION

        The vendor recommends applying the latest hotfix for your affected
        version. [1]


REFERENCES

        [1] McAfee Vulnerability Manager Hotfixes available to address
            cross-site scripting vulnerability
            https://kc.mcafee.com/corporate/index?page=content&id=KB77772

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----