Security Advisories

FSC-2011-2: CROSS-SITE SCRIPTING VULNERABILITY

Description

A cross-site scripting and path disclosure vulnerability exists in the WebReporting module of F-Secure Policy Manager.
 

Risk Level: MEDIUM (Low/Medium/High/Critical)

Affected Products

  • F-Secure Policy Manager versions 7.x, 8.x and 9.x

 

Platforms

All platforms supported by the affected products.

 

Notes

F-Secure recommends that administrators of the affected systems patch or upgrade their systems.

Mitigating Factor

The WebReporting interface is typically used internally in corporate networks, which limits the number of remote hosts that can attempt to exploit this vulnerability.

 

Patch Available

Product Versions                          Download
F-Secure Policy Manager for Windows 8.00  ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-8.00-windows-hotfix-2.zip
F-Secure Policy Manager for Windows 8.1x  ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-8.1x-windows-hotfix-3.zip
F-Secure Policy Manager for Windows 9.00  ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-9.00-windows-hotfix-4.zip
F-Secure Policy Manager for Linux 8.00    ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-8.00-linux-hotfix-2.zip
F-Secure Policy Manager for Linux 8.1x    ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-8.1x-linux-hotfix-2.zip
F-Secure Policy Manager for Linux 9.00    ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-9.00-linux-hotfix-2.zip

Credits

F-Secure Corporation wants to thank Sow Ching Shiong for bringing this issue to our attention.

 

 

Date Issued: 2011-02-24
Last Updated: 2011-02-24
