Vulnerabilities > Mcafee > Epolicy Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-0842 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database.
network
low complexity
mcafee CWE-89
4.9
2021-10-22 CVE-2021-31834 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
5.4
2021-10-22 CVE-2021-31835 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
4.8
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-07-12 CVE-2021-30639 Improper Handling of Exceptional Conditions vulnerability in multiple products
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service.
network
low complexity
apache mcafee oracle CWE-755
7.5
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-06-10 CVE-2020-13938 Missing Authorization vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
local
low complexity
apache mcafee netapp CWE-862
5.5
2021-03-26 CVE-2021-23890 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server.
network
low complexity
mcafee CWE-200
6.5
2021-03-26 CVE-2021-23889 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
4.8
2021-03-26 CVE-2021-23888 Open Redirect vulnerability in Mcafee Epolicy Orchestrator
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
network
low complexity
mcafee CWE-601
6.3