McAfee Network Data Loss Prevention Vulnerabilities
Last Update Date: 4 Jun 2014 09:12
Release Date: 4 Jun 2014
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in McAfee Network Data Loss Prevention (DLP). A remote user can cause denial of service conditions, inject SQL commands and conduct click-jacking attacks.
- A remote user can send a specially crafted RAR file to trigger a segmentation fault and make the target system unusable for a period of time.
- A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
- The system does not provide proper framing protection (the X-Frame-Options header). A remote user can conduct click-jacking or frame-sniffing attacks to take actions on the target system acting as the target user.
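As an added example (not part of the original advisory and not vendor code), the following Python function shows how a defender can check whether a set of HTTP response headers provides the framing protection described in the third item above. The function names, verdict labels and sample header sets are assumptions made for illustration.

```python
# Added example: classify a response's framing (click-jacking) protection.
# All header sets in SAMPLES are constructed for illustration.

def _frame_ancestors(csp):
    """Return the sources of the first frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_protection(headers):
    """Return (verdict, reason); verdict is 'protected', 'weak' or 'missing'."""
    h = {k.lower(): v for k, v in headers.items()}

    # An enforced CSP frame-ancestors directive overrides X-Frame-Options.
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        if not sources or any(s in ("*", "http:", "https:") for s in sources):
            return ("weak", "frame-ancestors is empty or allows any origin")
        return ("protected", "frame-ancestors " + " ".join(sources))

    xfo = h.get("x-frame-options")
    if xfo is None:
        reason = "no X-Frame-Options and no enforced frame-ancestors"
        if "content-security-policy-report-only" in h:
            reason += " (a report-only policy does not block framing)"
        return ("missing", reason)

    # ALLOW-FROM is obsolete; multiple or unknown values are flagged for
    # review instead of being trusted.
    values = {v.strip().upper() for v in xfo.split(",")}
    if values in ({"DENY"}, {"SAMEORIGIN"}):
        return ("protected", "X-Frame-Options " + values.pop())
    return ("weak", "X-Frame-Options is not a single DENY or SAMEORIGIN: " + xfo)

SAMPLES = {
    "no headers": {},
    "deny": {"X-Frame-Options": "DENY"},
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:22} {framing_protection(hdrs)}")
```

A "weak" or "missing" verdict on an administrative interface means the page can still be rendered inside a frame on another origin.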
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Data Manipulation
System / Technologies affected
- McAfee DLP Manager
- McAfee DLP Monitor
- McAfee DLP iPrevent
- McAfee DLP iDiscover
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (9.3.2 (RTW)).
http://kc.mcafee.com/corporate/index?page=content&id=SB10074
Vulnerability Identifier
- No CVE information is available