A public hot fix for Symantec Data Loss Prevention 15.0 Maintenance Pack (MP) 1 and for Data Loss Prevention 15.5 MP1 is available for download from the My Products tab at the MySymantec site.
The hot fix addresses a persistent cross-site scripting (XSS) issue that could potentially affect the Enforce Server administration console. XSS exploits can enable attackers to inject client-side scripts into web pages viewed by users. Symantec is not aware of any exploitations or adverse customer impact from this issue.
All Data Loss Prevention 15.0 MP1 and 15.5 MP1 users should apply the hot fix to the Enforce Server; apply the hot fix appropriate for your version.
Data Loss Prevention 15.1 and 15.1 MP1 users should update immediately to Data Loss Prevention 15.1 MP2. The 15.1 MP2 release contains a fix for the XSS issue and there is no need to apply a separate hot fix for this issue.
To apply the hot fix to Data Loss Prevention 15.0 MP1: Download Hotfix_15.0.0122.01002_Server.zip from the MySymantec site and follow the installation instructions provided in the readme file that accompanies the hot fix.
To apply the hot fix to Data Loss Prevention 15.5 MP1: Download Hotfix_15.5.0105.01001_Server.zip from the MySymantec site and follow the installation instructions provided in the readme file that accompanies the hot fix.
Subscribing will provide email updates when this Article is updated. Login is required.