Security feature bypass

2018-06-1514:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

CPENameOperatorVersion
epolicy_orchestratorge5.3.0
epolicy_orchestratorle5.3.3
epolicy_orchestratorge5.9.0
epolicy_orchestratorle5.9.1

Name	Operator	Version
epolicy_orchestrator	ge	5.3.0
epolicy_orchestrator	le	5.3.3
epolicy_orchestrator	ge	5.9.0
epolicy_orchestrator	le	5.9.1

References

www.securityfocus.com/bid/104485

www.securitytracker.com/id/1041155

kc.mcafee.com/corporate/index?page=content&id=SB10240

www.exploit-db.com/exploits/46518/