Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-1254 | Open Redirect vulnerability in Mcafee web Gateway A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. | 5.8 |
| 2022-04-14 | CVE-2022-1256 | Improper Privilege Management vulnerability in Mcafee Agent A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. | 7.2 |
| 2022-04-14 | CVE-2022-1257 | Insecure Storage of Sensitive Information vulnerability in Mcafee Agent Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. | 2.1 |
| 2022-04-14 | CVE-2022-1258 | SQL Injection vulnerability in Mcafee Agent A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | 6.0 |
| 2022-03-23 | CVE-2022-0857 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. | 4.3 |
| 2022-03-23 | CVE-2022-0858 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. | 4.3 |
| 2022-03-23 | CVE-2022-0859 | Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. | 4.4 |
| 2022-03-23 | CVE-2022-0861 | XXE vulnerability in Mcafee Epolicy Orchestrator A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. | 5.5 |
| 2022-03-23 | CVE-2022-0862 | Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. | 4.3 |
| 2022-03-23 | CVE-2022-0842 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. | 4.0 |