Albert Sánchez Miñano

**Name of the Vulnerable Software and Affected Versions** FireEye Endpoint Security version 5.2.0.958244 **Description** The issue is related to improper cleanup in exceptions thrown by FireEye Endpoint Security. This could allow an attacker to send multiple request packets to the `containment notify/preview` parameter, potentially leading to a service outage. The vulnerability is associated with errors in pointer counting in the network subsystem, which could be exploited by a remote attacker to cause a denial of service using the `Containment notify/preview` parameter. **Recommendations** For FireEye Endpoint Security version 5.2.0.958244, consider disabling access to the `containment notify/preview` parameter as a temporary workaround until a patch is available. Restricting the use of this parameter can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FireEye EX version 9.0.3.936727 **Description** The issue is related to Cross-Site Scripting (XSS) in FireEye EX. An attacker can exploit this by sending a specially crafted JavaScript payload via the `type` and `s f name` parameters to an authenticated user, allowing them to retrieve the user's session details. **Recommendations** For FireEye EX version 9.0.3.936727, as a temporary workaround, consider disabling the use of the `type` and `s f name` parameters until a patch is available. Restrict access to authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FireEye Central Management version 9.1.1.956704 **Description** The issue allows an attacker to modify special HTML elements in the application, causing a reflected XSS that could lead to session hijacking. This occurs because an attacker can modify these elements, allowing for the execution of malicious scripts. **Recommendations** For version 9.1.1.956704, consider disabling any functionality that allows modification of special HTML elements until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of session hijacking.

**Name of the Vulnerable Software and Affected Versions** FireEye Central Management version 9.1.1.956704 **Description** The issue allows an attacker to upload a malicious PDF file to the system during the report creation process. This is a remote file inclusion vulnerability. **Recommendations** For FireEye Central Management version 9.1.1.956704, consider restricting the upload of PDF files during the report creation process until a patch is available. As a temporary workaround, restrict access to the report creation feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FireEye HXTool version 4.6 **Description** This issue allows an attacker to store a specially crafted JavaScript payload in the `Profile Name` and `Hostname/IP` parameters. The payload will be triggered when items are loaded, potentially leading to Cross-Site Scripting. **Recommendations** For FireEye HXTool version 4.6, consider restricting the use of the `Profile Name` and `Hostname/IP` parameters until a patch is available. As a temporary workaround, avoid using these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FireEye HXTool version 4.6 **Description** The issue allows an attacker to redirect a legitimate user to a malicious page by changing the `redirect uri` parameter. This could lead to phishing attacks or other malicious activities. **Recommendations** For FireEye HXTool version 4.6, consider restricting access to the `redirect uri` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FireEye Malware Analysis (AX) version 9.0.3.936530 **Description** The issue allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. This is achieved by exploiting a Cross-Site Scripting weakness in the application. **Recommendations** For FireEye Malware Analysis (AX) version 9.0.3.936530, consider restricting access to the application until a patch is available, and avoid using the application with sensitive user sessions. As a temporary workaround, consider implementing additional validation and sanitization of user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.