
McAfee Network Data Loss Prevention Vulnerabilities

Last Update Date: 4 Jun 2014 09:12
Release Date: 4 Jun 2014

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance


Multiple vulnerabilities were identified in McAfee Network Data Loss Prevention (DLP). A remote user can cause denial of service conditions, inject SQL commands and conduct click-jacking attacks.

  1. A remote user can send a specially crafted RAR file to trigger a segmentation fault and make the target system unusable for a period of time.
  2. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
  3. The system does not provide proper framing protection (X-Frame-Options header). A remote user can conduct click-jacking or frame-sniffing attacks to take actions on the target system acting as the target user.
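For item 3, administrators can verify whether a web console's responses carry framing protection. The following is an added example, not part of the original advisory or any vendor tool; it goes beyond the advisory by also evaluating the CSP `frame-ancestors` directive, and the function names and sample responses are constructed for illustration.

```python
# Added example: classify framing protection from a raw HTTP response header block.
def parse_headers(raw):
    """Return (lowercased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def frame_ancestors(policies):
    """Return one source set per CSP policy that declares frame-ancestors."""
    found = []
    for policy in policies:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                found.append({t.lower() for t in tokens[1:]})
                break  # only the first occurrence within a policy counts
    return found

def framing_protection(raw):
    """Return 'protected', 'weak' or 'missing' for one response."""
    headers = parse_headers(raw)
    csp = [p for n, v in headers if n == "content-security-policy" for p in v.split(",")]
    xfo = {tok.strip().upper() for n, v in headers if n == "x-frame-options"
           for tok in v.split(",") if tok.strip()}
    lists = frame_ancestors(csp)
    if lists:
        # frame-ancestors is applied in preference to X-Frame-Options, and every
        # policy must allow the embedder, so one restrictive list is enough.
        open_sources = {"*", "http:", "https:"}
        return "protected" if any(not (open_sources & s) for s in lists) else "weak"
    if not xfo:
        return "missing"
    # Obsolete (ALLOW-FROM ...) or misspelled values are not reliably enforced.
    return "protected" if xfo <= {"DENY", "SAMEORIGIN"} else "weak"

# Constructed sample responses (not captured from any real product).
SAMPLES = {
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "deny": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n",
    "allow_from": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://portal.example\r\n",
    "csp_self": "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n",
    "csp_wildcard": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors *\r\n",
}

if __name__ == "__main__":
    print({name: framing_protection(raw) for name, raw in SAMPLES.items()})
```

A result of `missing` or `weak` on an authenticated management page corresponds to the condition described in item 3.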

Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • McAfee DLP Manager
  • McAfee DLP Monitor
  • McAfee DLP iPrevent
  • McAfee DLP iDiscover

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link