CVE-2022-3338

An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...

PT-2022-21777 · Mcafee · Mcafee Epo

Name of the Vulnerable Software and Affected Versions: McAfee ePO versions prior to 5.10 Update 14 Description: The issue allows an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack by exploiting an External XML entity XXE vulnerability. This can be done ...

CVE-2021-23890

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator ePO prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages specifically McAfee Agent available in ePO repository and install them on their own machines to have it managed and the...

CVE-2021-23890

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator ePO prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages specifically McAfee Agent available in ePO repository and install them on their own machines to have it managed and the...

Information disclosure

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator ePO prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages specifically McAfee Agent available in ePO repository and install them on their own machines to have it managed and the...

CVE-2021-23890

CVE-2021-23890 (McAfee ePolicy Orchestrator) : An information-disclosure flaw in the ePO Agent Handler allows an unauthenticated attacker in a DMZ-enabled setup to download McAfee Agent packages from the ePO repository and obtain policy details from the ePO server. Affected: McAfee ePO prior to 5...

CVE-2021-23890 McAfee ePO Information Leak vulnerability

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator ePO prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages specifically McAfee Agent available in ePO repository and install them on their own machines to have it managed and the...

Privilege Escalation

Jenkins is vulnerable to privilege escalation. An attacker is able to inject malicious input into the functionality of the file config.xml of the component Agent Handler...

McAfee ePolicy Orchestrator Information Disclosure Vulnerability (CNVD-2019-21460)

McAfee ePolicy Orchestrator ePO is a suite of scalable security management software from McAfee. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. An information disclosure vulnerability exists in the Agent Handler program in...

CVE-2019-3619

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator ePO 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server...

CVE-2019-3619

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator ePO 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server...

Information disclosure

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator ePO 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server...

CVE-2019-3619

CVE-2019-3619 affects McAfee ePolicy Orchestrator (ePO) with the Agent Handler in 5.9.x and 5.10.0 prior to 5.10.0 Update 4. It is an information-disclosure vulnerability where sensitive data can be viewed in plain text by sniffing traffic between the Agent Handler and the SQL server. The root ca...

CVE-2019-3619

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator ePO 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server...

McAfee ePolicy Orchestrator 4.6.x Multiple Vulnerabilities (SB10042)

According to its self-reported version, the version of McAfee ePolicy Orchestrator running on the remote host has the following vulnerabilities : - An unspecified SQL injection vulnerability exists in the Agent-Handler component. A remote, unauthenticated attacker could exploit this to execute...

CVE-2013-0140

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator ePO before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel...

CVE-2013-0140

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator ePO before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel...

CVE-2013-0140

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator ePO before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel...