Epolicy Orchestrator Security Vulnerabilities and Issues — Epolicy Orchestrator CVE List

Lucene search

McafeeEpolicy Orchestrator

5 matches found

CVE•added 2018/06/15 2:29 p.m.•47 views

CVE-2018-6671

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

6.5CVSS5.2AI score0.01416EPSS

CVE•added 2018/06/13 9:29 p.m.•45 views

CVE-2017-3936

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.

9.8CVSS8.2AI score0.05478EPSS

CVE•added 2018/04/02 5:29 p.m.•40 views

CVE-2018-6659

Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.

5.4CVSS4.4AI score0.00186EPSS

CVE•added 2018/06/15 2:29 p.m.•38 views

CVE-2018-6672

Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.

6.5CVSS5.5AI score0.00573EPSS

CVE•added 2018/04/02 1:29 p.m.•32 views

CVE-2018-6660

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

6.2CVSS5.3AI score0.01083EPSS