Updated:  February 24, 2010

Statement Date:   December 23, 2009

Status

Affected

Vendor Statement

Please see Cross Site Scripting & Forgery Issue (XSS/CSRF) in NMC-Based Products.

Vendor Information

Update NMC firmware as specified by APC. Release notes indicate that these vulnerabilities are addressed in firmware version 3.7.2 for certain NMCs. APC has indicated that the vulnerabilities are also addressed in firmware version 5.1.1.

Vendor References

• http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887&p_created=1261587018&p_topview=1
• http://www.apcmedia.com/salestools/PMAR-82BMH5_R0_EN.zip