CVE-2017-3902: XSS
First published: Mon Feb 13 2017(Updated: )
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trellix ePolicy Orchestrator | =5.1.0 | |
| Trellix ePolicy Orchestrator | =5.1.1 | |
| Trellix ePolicy Orchestrator | =5.1.2 | |
| Trellix ePolicy Orchestrator | =5.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3902?
CVE-2017-3902 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2017-3902?
To fix CVE-2017-3902, upgrade to a patched version of Intel Security ePO, specifically versions 5.1.4 or later.
Who is affected by CVE-2017-3902?
Authenticated users of Intel Security ePO versions 5.1.0 to 5.1.3 are affected by CVE-2017-3902.
Can CVE-2017-3902 allow malicious scripts to run?
Yes, CVE-2017-3902 can allow authenticated users to inject and execute malicious Java scripts through the web interface.
What is the impact of CVE-2017-3902?
The impact of CVE-2017-3902 can lead to unauthorized actions being taken on behalf of users, potentially breaching data integrity.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/5.1.0
- version/mcafee epolicy orchestrator/5.1.1
- version/mcafee epolicy orchestrator/5.1.2
- version/mcafee epolicy orchestrator/5.1.3