Vulnerabilities > Mcafee > Epolicy Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2023-11-17 CVE-2023-5444 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server.
network
low complexity
mcafee CWE-352
8.0
2023-11-17 CVE-2023-5445 Open Redirect vulnerability in Mcafee Epolicy Orchestrator
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site.
network
low complexity
mcafee CWE-601
5.4
2023-07-26 CVE-2023-3946 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-10-18 CVE-2022-3338 XXE vulnerability in Mcafee Epolicy Orchestrator
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack.
network
high complexity
mcafee CWE-611
5.4
2022-10-18 CVE-2022-3339 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-03-23 CVE-2022-0857 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-03-23 CVE-2022-0858 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
4.7
2022-03-23 CVE-2022-0859 Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server.
local
low complexity
mcafee CWE-522
6.7
2022-03-23 CVE-2022-0861 XXE vulnerability in Mcafee Epolicy Orchestrator
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality.
network
low complexity
mcafee CWE-611
3.8
2022-03-23 CVE-2022-0862 Improper Authentication vulnerability in Mcafee Epolicy Orchestrator
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password.
network
low complexity
mcafee CWE-287
5.3