Vulnerabilities > Mcafee > Epolicy Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2017-3936 OS Command Injection vulnerability in Mcafee Epolicy Orchestrator
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
network
low complexity
mcafee CWE-78
critical
9.8
2018-04-02 CVE-2018-6659 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
network
low complexity
mcafee CWE-79
5.4
2018-04-02 CVE-2018-6660 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
network
low complexity
mcafee CWE-22
4.9
2017-05-18 CVE-2017-3980 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
network
low complexity
mcafee CWE-22
7.2
2017-03-14 CVE-2016-8027 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
network
low complexity
mcafee CWE-89
critical
10.0
2017-02-13 CVE-2017-3902 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
network
low complexity
mcafee CWE-79
5.4
2016-01-08 CVE-2015-8765 Unspecified vulnerability in Mcafee Epolicy Orchestrator
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
mcafee
8.3