Rewterz Threat Advisory – ICS: Rockwell Automation ISaGRAF5 Runtime
June 10, 2021Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
June 10, 2021Rewterz Threat Advisory – ICS: Rockwell Automation ISaGRAF5 Runtime
June 10, 2021Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
June 10, 2021Severity
Medium
Analysis Summary
CVE-2021-31832
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
Impact
- Cross-site Scripting
Affected Vendors
McAfee
Affected Products
- DLP Endpoint for Windows
Remediation
Install or update to DLP Endpoint for Windows 11.6.200
http://www.mcafee.com/us/downloads/downloads.aspx