FSC-2011-2: Cross-site Scripting Vulnerability
Brief Description
A cross-site scripting and path disclosure vulnerability exists in the WebReporting module of F-Secure Policy Manager.
Mitigating Factors
The WebReporting interface is typically used internally in corporate networks, which limits the number of remote hosts that can attempt to exploit this vulnerability.
Affected Platforms
All platforms supported by the affected products.
Products
• F-Secure Policy Manager versions 7.x, 8.x and 9.x
Risk Level: MEDIUM (Low/Medium/High/Critical)
Notes
F-Secure recommends that administrators of the affected systems patch or upgrade their systems.
Credit
F-Secure Corporation wants to thank Sow Ching Shiong for bringing this issue to our attention.
Patch Available
| Product | Versions | Download |
|---|---|---|
| F-Secure Policy Manager for Windows | 8.00 | ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-8.00-windows-hotfix-2.zip |
| F-Secure Policy Manager for Windows | 8.1x | ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-8.1x-windows-hotfix-3.zip |
| F-Secure Policy Manager for Windows | 9.00 | ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-9.00-windows-hotfix-4.zip |
| F-Secure Policy Manager for Linux | 8.00 | ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-8.00-linux-hotfix-2.zip |
| F-Secure Policy Manager for Linux | 8.1x | ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-8.1x-linux-hotfix-2.zip |
| F-Secure Policy Manager for Linux | 9.00 | ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-9.00-linux-hotfix-2.zip |
Date Issued: 2011-02-24
Last Updated: 2011-02-24




