Vulnerabilities > Mcafee > Epolicy Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2018-04-02 CVE-2018-6660 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
network
low complexity
mcafee CWE-22
4.9
2017-05-18 CVE-2017-3980 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
network
low complexity
mcafee CWE-22
6.5
2017-03-14 CVE-2016-8027 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
network
low complexity
mcafee CWE-89
7.5
2017-02-13 CVE-2017-3902 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
network
mcafee CWE-79
3.5
2016-01-08 CVE-2015-8765 Remote Code Execution vulnerability in McAfee ePolicy Orchestrator Server
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
mcafee
7.5
2015-06-23 CVE-2015-2859 Cryptographic Issues vulnerability in Mcafee Epolicy Orchestrator
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
mcafee CWE-310
5.8
2015-06-15 CVE-2015-4559 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
mcafee CWE-79
4.3
2015-01-09 CVE-2015-0922 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
network
low complexity
mcafee CWE-200
5.0
2015-01-09 CVE-2015-0921 Unspecified vulnerability in Mcafee Epolicy Orchestrator
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
network
low complexity
mcafee
4.0
2014-02-26 CVE-2014-2205 Permissions, Privileges, and Access Controls vulnerability in Mcafee Epolicy Orchestrator
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
network
mcafee CWE-264
6.3