CVE-2018-6660

2018-04-02T13:29:00
ID CVE-2018-6660
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:41:00

Description

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.