Lucene search

[email protected]NVD:CVE-2022-3338

HistoryOct 18, 2022 - 10:15 a.m.

CVE-2022-3338

2022-10-1810:15:10

CWE-611

[email protected]

web.nvd.nist.gov

epo

xxe

vulnerability

api

server side request forgery

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.

Affected configurations

NVD

Node

mcafeeepolicy_orchestratorRange<5.10.0

mcafeeepolicy_orchestratorMatch5.10.0-

mcafeeepolicy_orchestratorMatch5.10.0update_1

mcafeeepolicy_orchestratorMatch5.10.0update_10

mcafeeepolicy_orchestratorMatch5.10.0update_11

mcafeeepolicy_orchestratorMatch5.10.0update_12

mcafeeepolicy_orchestratorMatch5.10.0update_13

mcafeeepolicy_orchestratorMatch5.10.0update_2

mcafeeepolicy_orchestratorMatch5.10.0update_3

mcafeeepolicy_orchestratorMatch5.10.0update_4

mcafeeepolicy_orchestratorMatch5.10.0update_5

mcafeeepolicy_orchestratorMatch5.10.0update_6

mcafeeepolicy_orchestratorMatch5.10.0update_7

mcafeeepolicy_orchestratorMatch5.10.0update_8

mcafeeepolicy_orchestratorMatch5.10.0update_9

References

kcm.trellix.com/corporate/index?page=content&id=SB10387

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for NVD:CVE-2022-3338

prion1 cve1 cvelist1 nessus1