Vulnerabilities > Mcafee > Epolicy Orchestrator
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-02 | CVE-2018-6660 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | 4.9 |
| 2017-05-18 | CVE-2017-3980 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | 7.2 |
| 2017-03-14 | CVE-2016-8027 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | 10.0 |
| 2017-02-13 | CVE-2017-3902 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. | 5.4 |
| 2016-01-08 | CVE-2015-8765 | Unspecified vulnerability in Mcafee Epolicy Orchestrator Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 8.3 |