4 matches found
CVE-2022-3338 XXE in Trellix ePO server
An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...
CVE-2022-3338
CVE-2022-3338 is a Trellix ePolicy Orchestrator XXE vulnerability affecting ePO versions prior to 5.10 Update 14. An unauthenticated attacker could trigger a server-side request forgery by passing a crafted XML via the API, potentially exploiting the Agent Handler path. Supported details from con...
CVE-2022-3338 XXE in Trellix ePO server
An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...
McAfee ePolicy Orchestrator Multiple Vulnerabilities (SB10387)
The instance of McAfee ePolicy Orchestrator installed on the remote host is affected by multiple vulnerabilities, including the following: - An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side...