Vulnerabilities > Mcafee > Epolicy Orchestrator
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-2766 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). | 3.1 |
| 2019-07-23 | CVE-2019-2762 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). | 5.3 |
| 2019-07-23 | CVE-2019-2745 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). | 5.1 |
| 2019-07-03 | CVE-2019-3619 | Cleartext Transmission of Sensitive Information vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.9.0/5.9.1 Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. | 4.9 |
| 2019-04-23 | CVE-2019-2602 | Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). | 7.5 |
| 2019-02-01 | CVE-2019-3604 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | 8.8 |
| 2018-06-15 | CVE-2018-6672 | Information Exposure vulnerability in Mcafee Epolicy Orchestrator Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | 6.5 |
| 2018-06-15 | CVE-2018-6671 | Unspecified vulnerability in Mcafee Epolicy Orchestrator Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | 6.5 |
| 2018-06-13 | CVE-2017-3936 | OS Command Injection vulnerability in Mcafee Epolicy Orchestrator OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | 9.8 |
| 2018-04-02 | CVE-2018-6659 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | 5.4 |