Skip to main content

McAfee Network Data Loss Prevention Vulnerabilities

Last Update Date: 4 Jun 2014 09:12 Release Date: 4 Jun 2014 3863 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in McAfee Network Data Loss Prevention (DLP). A remote user can cause denial of service conditions, inject SQL commands and conduct click-jacking attacks.

  1. A remote user can send a specially crafted RAR file to trigger a segmentation fault and make the target system unusable for a period of time.
  2. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
  3. The system does not provide proper framing protection (X-Frame header). A remote user can conduct click-jacking or frame-sniffing attacks to take actions on the target system acting as the target user.

Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • McAfee DLP Manager
  • McAfee DLP Monitor
  • McAfee DLP iPrevent
  • McAfee DLP iDiscover

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link