Vulnerabilities > Mcafee > Epolicy Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-2766 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle mcafee hp opensuse
3.1
2019-07-23 CVE-2019-2762 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle canonical opensuse debian redhat mcafee hp
5.3
2019-07-23 CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).
local
high complexity
oracle debian canonical opensuse mcafee hp
5.1
2019-07-03 CVE-2019-3619 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.9.0/5.9.1
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
network
low complexity
mcafee CWE-319
4.9
2019-04-23 CVE-2019-2602 Resource Exhaustion vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
7.5
2019-02-01 CVE-2019-3604 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.
network
low complexity
mcafee CWE-352
8.8
2018-06-15 CVE-2018-6672 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
network
low complexity
mcafee CWE-200
6.5
2018-06-15 CVE-2018-6671 Unspecified vulnerability in Mcafee Epolicy Orchestrator
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
network
low complexity
mcafee
6.5
2018-06-13 CVE-2017-3936 OS Command Injection vulnerability in Mcafee Epolicy Orchestrator
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
network
low complexity
mcafee CWE-78
critical
9.8
2018-04-02 CVE-2018-6659 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
network
low complexity
mcafee CWE-79
5.4