Vulnerabilities > McAfee > ePolicy Orchestrator > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-17 CVE-2023-5445 Unspecified vulnerability in McAfee ePolicy Orchestrator
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low-privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site.
network
low complexity
mcafee
5.4
2023-07-26 CVE-2023-3946 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-10-18 CVE-2022-3338 XXE vulnerability in McAfee ePolicy Orchestrator
An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack.
network
high complexity
mcafee CWE-611
5.4
2022-10-18 CVE-2022-3339 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-03-23 CVE-2022-0857 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-03-23 CVE-2022-0858 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
4.7
2022-03-23 CVE-2022-0859 Insufficiently Protected Credentials vulnerability in McAfee ePolicy Orchestrator
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server.
local
low complexity
mcafee CWE-522
6.7
2022-03-23 CVE-2022-0862 Improper Authentication vulnerability in McAfee ePolicy Orchestrator
A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password.
network
low complexity
mcafee CWE-287
5.3
2022-03-23 CVE-2022-0842 SQL Injection vulnerability in McAfee ePolicy Orchestrator
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database.
network
low complexity
mcafee CWE-89
4.9
2021-10-22 CVE-2021-31834 Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
5.4