Vulnerabilities > Mcafee > Epolicy Orchestrator > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-5445 | Open Redirect vulnerability in Mcafee Epolicy Orchestrator An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. | 5.4 |
| 2023-07-26 | CVE-2023-3946 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. | 6.1 |
| 2022-10-18 | CVE-2022-3338 | XXE vulnerability in Mcafee Epolicy Orchestrator An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. | 5.4 |
| 2022-10-18 | CVE-2022-3339 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. | 6.1 |
| 2022-03-23 | CVE-2022-0857 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. | 6.1 |
| 2022-03-23 | CVE-2022-0858 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. | 4.7 |
| 2022-03-23 | CVE-2022-0859 | Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. | 6.7 |
| 2022-03-23 | CVE-2022-0862 | Improper Authentication vulnerability in Mcafee Epolicy Orchestrator A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. | 5.3 |
| 2022-03-23 | CVE-2022-0842 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. | 4.9 |
| 2021-10-22 | CVE-2021-31834 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 5.4 |