CVE-2023-5445

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL requests to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logg...

CVE-2022-3338 XXE in Trellix ePO server

An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...

CVE-2022-3338 XXE in Trellix ePO server

An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...

Sql injection

McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...

Privilege escalation

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server...

CVE-2021-31839 Incorrect permissions on McAfee Agent for Windows event folder

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server...

McAfee Agent (MA) Man-in-the-Middle Attack Vulnerability

McAfee Agent is prone to mitm attack vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mcafee:mcafeeagent";...

CVE-2015-8987

McAfee Agent (MA) for non-Mac OS, version 4.8.0 patch 2 and earlier, is affected by a MitM vulnerability that lets an attacker cause a MA instance to communicate with a rogue ePO server via migration to another ePO server. The OpenVAS entry and NVD record corroborate the MITM impact but do not pr...

McAfee Managed Agent contains a denial-of-service (DoS) vulnerability

Overview McAfee Managed Agent versions 4.5, 4.6, and possibly earlier versions contain a denial-of-service DoS vulnerability CWE-400. Description CWE-400:Uncontrolled Resource Consumption 'Resource Exhaustion' McAfee Managed Agent versions 4.5 and 4.6 contain a denial-of-service DoS vulnerability...