PT-2011-2867 · F Secure+2 · F-Secure Policy Manager+2
Published
2011-02-25
·
Updated
2017-08-17
·
CVE-2011-1102
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
F-Secure Policy Manager versions 7.x through 9.00 before hotfix 4 on Windows and hotfix 2 on Linux
F-Secure Policy Manager version 8.00 before hotfix 2
F-Secure Policy Manager version 8.1x before hotfix 3 on Windows and hotfix 2 on Linux
Description
A cross-site scripting (XSS) issue exists in the WebReporting module, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For F-Secure Policy Manager versions 7.x, apply hotfix 2 or later to resolve the issue.
For F-Secure Policy Manager version 8.00, apply hotfix 2 or later to resolve the issue.
For F-Secure Policy Manager version 8.1x on Windows, apply hotfix 3 or later to resolve the issue.
For F-Secure Policy Manager version 8.1x on Linux, apply hotfix 2 or later to resolve the issue.
For F-Secure Policy Manager version 9.00 on Windows, apply hotfix 4 or later to resolve the issue.
For F-Secure Policy Manager version 9.00 on Linux, apply hotfix 2 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F-Secure Policy Manager
Linux
Windows