Lucene search
+L
McafeeEpolicy Orchestrator

86 matches found

CVE
CVE
added 2022/03/23 2:20 p.m.2466 views

CVE-2022-0858

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 contains a cross‑site scripting (XSS) vulnerability that could allow a remote attacker to obtain an administrator’s session by persuading the user to click a crafted link, with limited ability to alter information in the affecte...

4.7CVSS4.7AI score0.00781EPSS
CVE
CVE
added 2022/03/23 2:20 p.m.2434 views

CVE-2022-0859

CVE-2022-0859 affects McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. The vulnerability allows a local attacker who is on the server hosting ePO (administrators) and who knows the SQL password to point the ePO server to an arbitrary SQL server during the restoration...

6.7CVSS6.6AI score0.00202EPSS
CVE
CVE
added 2022/03/23 2:25 p.m.2334 views

CVE-2022-0862

CVE-2022-0862 describes a password-change protection weakness in McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13, via a depreciated API. A remote attacker could change the password of a compromised session without knowing the current password. The UI removed this functionality ...

5.3CVSS4.8AI score0.00748EPSS
CVE
CVE
added 2022/03/23 2:25 p.m.2328 views

CVE-2022-0861

The CVE-2022-0861 entry describes a XML External Entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. A remote administrator can upload a crafted XML file via the extension import functionality, with impact limited to some leakage of confidential ...

5.5CVSS4.3AI score0.00443EPSS
CVE
CVE
added 2022/03/23 2:15 p.m.2319 views

CVE-2022-0857

CVE-2022-0857 describes a reflected cross-site scripting (XSS) flaw in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability could let a remote attacker lure an administrator to click a crafted link, potentially exposing session information and allowing limited i...

6.1CVSS5.8AI score0.00694EPSS
CVE
CVE
added 2022/03/23 2:10 p.m.2303 views

CVE-2022-0842

CVE-2022-0842 affects McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability is a blind SQL injection in ePO, which could let a remote authenticated attacker obtain information from the ePO database. The amount of data potentially exposed depends on the attacker’s...

5.4CVSS5.3AI score0.00743EPSS
CVE
CVE
added 2020/05/20 6:26 p.m.1525 views

CVE-2020-9484

CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...

7CVSS7.5AI score0.56636EPSS
CVE
CVE
added 2020/07/14 3:0 p.m.976 views

CVE-2020-13935

CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...

7.5CVSS7.5AI score0.87553EPSS
CVE
CVE
added 2021/06/10 7:10 a.m.963 views

CVE-2020-13938

CVE-2020-13938 affects Apache HTTP Server 2.4.0–2.4.46. The vulnerability allows unprivileged local users to stop the httpd service on Windows. The connected sources confirm the affected product family and the local-access impact, with public advisories referencing Microsoft Windows behavior and ...

5.5CVSS6.6AI score0.11773EPSS
In wild
CVE
CVE
added 2021/02/16 4:55 p.m.810 views

CVE-2021-23840

CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...

7.5CVSS8AI score0.50732EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.714 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.614 views

CVE-2021-33037

CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...

5.3CVSS6.1AI score0.75353EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.583 views

CVE-2019-2602

CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...

7.5CVSS6.8AI score0.07437EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.469 views

CVE-2019-2975

CVE-2019-2975 affects Oracle Java SE/Scripting (and Java SE Embedded) with known affected builds: Java SE 8u221, 11.0.4, and 13; Java SE Embedded 8u221. The vulnerability concerns loading/executing untrusted code in environments like sandboxed Web Start/Applet contexts and can allow an unauthenti...

5.8CVSS4.8AI score0.03328EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.465 views

CVE-2019-2949

CVE-2019-2949 affects Oracle/OpenJDK Java SE Kerberos components. Affected Java SE: 7u231, 8u221, 11.0.4, 13; Java SE Embedded: 8u221. Exploitation requires network access via Kerberos and unauthenticated access could lead to leakage of sensitive data or elevated access. Connected documents show ...

6.8CVSS6.4AI score0.03603EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.444 views

CVE-2019-2842

CVE-2019-2842 affects Oracle Java SE OpenJDK 8u212 (JCE) and related Java SE/OpenJDK components; vulnerable component is the JCE in Java SE 8u212, with network-based unauthenticated access leading to a partial DoS of Java SE. Connected advisories confirm multiple affected package sets (java-1.8.0...

4.3CVSS3.8AI score0.03358EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.444 views

CVE-2021-2161

CVE-2021-2161 affects Oracle Java SE family (Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition) in the Libraries component. The issue arises from how untrusted code is loaded/run and data from untrusted APIs, enabling a network-accessible attacker to perform unauthenticated actions and...

5.9CVSS5.3AI score0.03125EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.438 views

CVE-2019-2745

CVE-2019-2745 is an OpenJDK/Java SE vulnerability in the Security subcomponent with affected Java versions including 7u221, 8u212, and 11.0.3. Multiple advisories (CentOS, RHEL/CentOS, Debian) describe this as a side-channel risk in EC cryptography or related OpenJDK components, with exploitation...

5.1CVSS4.8AI score0.0046EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.436 views

CVE-2020-14621

CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...

5.3CVSS5.2AI score0.0435EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.427 views

CVE-2020-2654

CVE-2020-2654 affects Oracle Java SE Libraries in Java SE 7u241, 8u231, 11.0.5 and 13.0.1 (Java SE and Java SE Embedded) with the issue described as an unauthenticated network-access vulnerability that can cause a partial denial of service. The root cause is tied to the Libraries component (with ...

4.3CVSS4.5AI score0.03823EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.422 views

CVE-2020-14581

CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...

4.3CVSS4AI score0.03284EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.417 views

CVE-2020-2590

CVE-2020-2590 is an OpenJDK/Oracle Java SE vulnerability in the Security component (Kerberos interop) affecting Java SE and Java SE Embedded across multiple versions. Public descriptions indicate unauthenticated remote access via network and potential unauthorized data updates/deletes; CVSS 3.0 b...

4.3CVSS4.4AI score0.03085EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.414 views

CVE-2020-2754

CVE-2020-2754 affects Oracle Java SE/Embedded (Scripting) with affected versions Java SE 8u241, 11.0.6 and 14; Java SE Embedded 8u241. Root cause: a parsing/validation weakness in the Scripting component allows an unauthenticated, network-based attacker to cause a partial Denial of Service on Jav...

4.3CVSS4.2AI score0.04128EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.405 views

CVE-2020-2757

CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.402 views

CVE-2020-2773

CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...

4.3CVSS4.2AI score0.03625EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.390 views

CVE-2020-2604

CVE-2020-2604 affects Oracle Java SE/Java SE Embedded Serialization. Affected: Java SE 7u241, 8u231, 11.0.5, 13.0.1; Java SE Embedded 8u231. Described impact: unauthenticated, network-based attacker can take over the Java environment; high confidentiality, integrity, and availability impact (CVSS...

8.1CVSS7.7AI score0.04903EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.390 views

CVE-2020-2756

CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...

4.3CVSS4.2AI score0.04211EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.389 views

CVE-2020-14579

CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...

4.3CVSS4.3AI score0.04044EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.388 views

CVE-2019-2769

CVE-2019-2769 affects Oracle Java SE/Java SE Embedded, with affected components in Utilities and related subsystems. The initial description identifies Java SE versions 7u221, 8u212, 11.0.3 and 12.0.1 and Java SE Embedded 8u211 as impacted, enabling network-based, unauthenticated exploitation tha...

5.3CVSS4.6AI score0.04351EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.387 views

CVE-2019-2894

CVE-2019-2894 affects Oracle Java SE/OpenJDK components (Security) in Java SE 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Impact: allows an unauthenticated attacker over the network to read a subset of data in Java SE/Embedded. Public advisories confirm this CVE is being addressed in mu...

4.3CVSS3.4AI score0.03159EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.387 views

CVE-2020-14792

CVE-2020-14792 is an Oracle Java OpenJDK vulnerability affecting Java SE and Embedded runtimes (Hotspot/Libraries components) with the root issue described as “Better range handling.” Affected versions include Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. The connected advisories...

5.8CVSS3.9AI score0.0223EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.387 views

CVE-2020-2583

CVE-2020-2583 affects OpenJDK/OpenJDK-derived packages across multiple vendors and OSes, with the Serialization component (and related areas) being impacted. Public advisories in Debian (DLA-2128-1) and CentOS/Red Hat family outline affected versions such as Java 7u241/8u231/11.0.5/13.0.1 (and em...

4.3CVSS4.3AI score0.0404EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.380 views

CVE-2020-2755

CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...

4.3CVSS4.2AI score0.03899EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.379 views

CVE-2020-14782

CVE-2020-14782 affects Oracle/OpenJDK Java SE/SE Embedded libraries (notably the Certificates processing) with affected versions including Java 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. Connected advisory data confirms multiple vendors package updates across OpenJDK variants (e.g., ALA...

4.3CVSS3.8AI score0.02272EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.370 views

CVE-2020-14578

CVE-2020-14578 affects Oracle Java SE and Java SE Embedded (Libraries component) with Java SE 7u261 and 8u251; Java SE Embedded 8u251. It is exploitable over a network (multiple protocols) by unauthenticated attackers, including via sandboxed Java Web Start apps, applets, or direct API input, lea...

4.3CVSS4.3AI score0.04044EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.358 views

CVE-2019-2816

CVE-2019-2816 affects Oracle Java SE/Java SE Embedded Networking and related components (Utilities) with affected Java SE versions 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. IBM AIX security bulletin confirms CVSS 3.0 base score 4.8 (Network, High/AC:H, Privileges N, User Interactio...

5.8CVSS4.2AI score0.02286EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.348 views

CVE-2020-2593

CVE-2020-2593 affects multiple OpenJDK/JRE components across the Java SE/Embedded stack (Networking, Security, Serialization, 2D, JAXP, Libraries, etc.). Connected advisories enumerate affected versions including Java SE 7u231/7u241, 8u221/8u231, 11.0.4/11.0.5, and 13.0.1, with OpenJDK builds for...

5.8CVSS4.9AI score0.02984EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.334 views

CVE-2019-2762

CVE-2019-2762 is a vulnerability in Oracle Java SE/Java SE Embedded Utilities. Affected are Java SE: 7u221, 8u212, 11.0.3, 12.0.1; Java SE Embedded: 8u211. Public sources in the connected documents confirm an easily exploitable issue allowing unauthenticated network access to compromise the Java ...

5.3CVSS4.6AI score0.04351EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.311 views

CVE-2019-2766

CVE-2019-2766 affects Oracle Java SE and Java SE Embedded (Networking subcomponent) with affected versions: Java SE 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. The Connected documents describe it as a network-accessible vulnerability that is difficult to exploit and can lead to unaut...

3.1CVSS3.5AI score0.02708EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.308 views

CVE-2019-2933

CVE-2019-2933 affects Oracle Java SE and Java SE Embedded (Libraries). Affected versions are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. The vulnerability can be exploited remotely via multiple protocols, with network access, by an unauthenticated attacker. Exploitation require...

4.3CVSS3.9AI score0.02308EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.238 views

CVE-2021-2432

CVE-2021-2432 affects Oracle Java SE (component: JNDI) with Java SE 7u301. The vulnerability can be exploited by an unauthenticated attacker who has network access over multiple protocols to cause a partial denial of service to Java SE. The issue specifically involves Java deployments that load u...

4.3CVSS4.3AI score0.03701EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.223 views

CVE-2021-30639

Apache Tomcat CVE-2021-30639 describes a DoS vulnerability caused by improper error handling during non-blocking I/O, where the error flag on a Request object isn’t reset between requests. This can allow a remote attacker to trigger non-blocking I/O errors (e.g., by dropping connections) and caus...

7.5CVSS7.4AI score0.06889EPSS
CVE
CVE
added 2013/07/21 8:0 p.m.142 views

CVE-2013-4883

CVE-2013-4883 describes multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator (ePO) version 4.6.6 and earlier, and in the ePO Extension for the McAfee Agent (MA) 4.5–4.6. The root cause is input handling flaws that allow an attacker to inject arbitrary web script or H...

4.3CVSS5.8AI score0.05071EPSS
Web
CVE
CVE
added 2013/07/21 8:0 p.m.140 views

CVE-2013-4882

CVE-2013-4882: McAfee ePolicy Orchestrator (ePO) includes multiple SQL injection vulnerabilities—affecting ePO 4.6.6 and earlier and the ePO extension for MCAfee Agent 4.5/4.6—allowing remote authenticated users to execute arbitrary SQL via the uid parameter in core/showRegisteredTypeDetails.do a...

6.5CVSS8AI score0.04001EPSS
Web
CVE
CVE
added 2020/10/14 6:20 p.m.88 views

CVE-2020-7318

McAfee ePolicy Orchestrator (ePO) before version 5.10.9 Update 9 is affected by CVE-2020-7318, a cross-site scripting (XSS) vulnerability. The issue arises from multiple parameters not being properly sanitized, allowing an attacker with adjacent access to inject arbitrary web script or HTML in th...

4.6CVSS4.4AI score0.01024EPSS
CVE
CVE
added 2013/05/01 10:0 a.m.82 views

CVE-2013-0140

CVE-2013-0140 describes a SQL injection vulnerability in the Agent-Handler component of McAfee ePolicy Orchestrator (ePO) , affecting versions before 4.5.7 and 4.6.x before 4.6.6. A remote attacker can execute arbitrary SQL commands by sending a crafted request over the Agent-Server communication...

7.9CVSS8.2AI score0.02544EPSS
CVE
CVE
added 2019/07/03 1:40 p.m.81 views

CVE-2019-3619

CVE-2019-3619 affects McAfee ePolicy Orchestrator (ePO) with the Agent Handler in 5.9.x and 5.10.0 prior to 5.10.0 Update 4. It is an information-disclosure vulnerability where sensitive data can be viewed in plain text by sniffing traffic between the Agent Handler and the SQL server. The root ca...

6.8CVSS5.2AI score0.01119EPSS
CVE
CVE
added 2023/11/17 9:47 a.m.79 views

CVE-2023-5444

CVE-2023-5444 involves Trellix ePolicy Orchestrator before 5.10.0 CP1 Update 2. a CSRF allows a remote low-privilege attacker to add a new administrator user, impacting the dashboard UI. The exploit reportedly requires altering the HTTP payload post submission before it reaches the ePO server. Af...

8CVSS7.8AI score0.00351EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.74 views

CVE-2022-3338

CVE-2022-3338 is a Trellix ePolicy Orchestrator XXE vulnerability affecting ePO versions prior to 5.10 Update 14. An unauthenticated attacker could trigger a server-side request forgery by passing a crafted XML via the API, potentially exploiting the Agent Handler path. Supported details from con...

5.4CVSS5.7AI score0.00457EPSS
CVE
CVE
added 2013/05/01 10:0 a.m.70 views

CVE-2013-0141

Summary (CVE-2013-0141): A directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) allows a remote attacker to upload arbitrary files via a crafted request over the Agent-Server communication channel, demonstrated by writing to the Software/ directory. It affects ePO versions prior...

4.3CVSS6.7AI score0.01116EPSS
Total number of security vulnerabilities86