
====================================================================

                              CERT-Renater

                  Information Note No. 2016/VULN082
_____________________________________________________________________

DATE                : 26/02/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Traps ESM Console versions prior to 3.1.5.3691,
                                       3.2.1.3559.

======================================================================
https://securityadvisories.paloaltonetworks.com/Home/Detail/34
_____________________________________________________________________

Last revised: 02/23/2016


Summary

A cross-site scripting vulnerability exists in the web-based management
console. This vulnerability has been assigned CVE-2015-2223.


Severity: Medium

This issue affects the management interface of Traps, where an
authenticated administrator may be tricked into injecting malicious
JavaScript into the web UI.


Products Affected

Traps ESM Console version 3.2.1 and earlier


Available Updates

Traps ESM Console 3.1.5.3691 and higher, Traps ESM Console 3.2.1.3559
and higher

Workarounds and Mitigations

Acknowledgements

Michael Hendrickx


==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




