PT-2017-16178 · McAfee · McAfee Network Data Loss Prevention

Published 2017-05-17 · Updated 2024-01-26 · CVE-2017-4015

CVSS v3.1: 4.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

McAfee Network Data Loss Prevention (NDLP) versions 9.3.x

Description

The issue allows remote authenticated users to inject arbitrary web script or HTML via HTTP response headers. This can be exploited by injecting malicious code into the HTTP response header.

Recommendations

For McAfee Network Data Loss Prevention (NDLP) versions 9.3.x, consider restricting access to the server to minimize the risk of exploitation until a patch is available. As a temporary workaround, restrict the ability to inject arbitrary web script or HTML via HTTP response headers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Clickjacking

Weakness Enumeration

Related Identifiers

CVE-2017-4015

Affected Products

McAfee Network Data Loss Prevention