Preventing unauthorized XSS scripts from executing in DLP

Article ID: 190379

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

As per Symantec Security Advisory SYMSA1484, DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability.

Environment

DLP 15.5 MP1 and prior

Resolution

Customers with different versions of DLP have the following methods of remediation for this issue:
  • For best results, all users of Symantec DLP should upgrade to version 15.5 MP2 or 15.7, where the stated issues are corrected. For additional details, see the 15.5 MP2 Release Notes, p. 12 ("Issue IDs" 4245688, 4245969, 4245971).
  • For DLP 15.5 MP1, there is a hot fix for this issue. The hot fix installer is available on the Broadcom Product Downloads page.
    The file name is "Hotfix_15.5.0105.01001_Server.zip".
    The "Read Me" file included in the hot fix ZIP file contains details on applying the fix for that version; the hot fix can only be applied to 15.5 MP1.
  • Users of DLP 15.1 should upgrade to 15.1 MP2, where the stated issues are corrected. For additional details, see the 15.1 MP2 Release Notes, p. 26 ("Issue ID" = 4241211; a copy of those Release Notes is attached to this page).
  • For users of DLP 15.0 MP1, there is also a hot fix for this issue. The hot fix installer is available on the Broadcom Product Downloads page.
    The file name is "Hotfix_15.0.0122.01002_Server.zip". The "Read Me" file included in the hot fix ZIP file contains details on applying the fix for that version; the hot fix can only be applied to 15.0 MP1.
  • Users of prior releases of the product should upgrade to one of the versions listed above, but can also review additional mitigation instructions contained in SYMSA1484.

Attachments

1588889846792__Symantec_DLP_15.1_MP2_Release_Notes.pdf