Preventing unauthorized XSS scripts from executing in DLP
Article ID: 190379
Products
Data Loss Prevention Enforce
Issue/Introduction
As per Symantec Security Advisory SYMSA1484, DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability.
Environment
DLP 15.5 MP1 and prior
Resolution
Remediation for this issue depends on the installed DLP version:
For best results, all users of Symantec DLP should upgrade to version 15.5 MP2 or 15.7, where the stated issues are corrected. For additional details, see the 15.5 MP2 Release Notes, p. 12 ("Issue IDs" 4245688, 4245969, 4245971).
For DLP 15.5 MP1, there is a hot fix for this issue. The hot fix installer is available on the Broadcom Product Downloads page. The file name is "Hotfix_15.5.0105.01001_Server.zip". The "Read Me" file included in the hot fix ZIP file contains details on applying the fix, which can only be applied to 15.5 MP1.
Users of DLP 15.1 should upgrade to 15.1 MP2, where the stated issues are corrected. For additional details, see the 15.1 MP2 Release Notes, p. 26 ("Issue ID" = 4241211; a copy of those Release Notes is attached to this page).
Users of prior releases of the product should upgrade to one of the versions listed above, but can also review additional mitigation instructions contained in SYMSA1484.