Vulnerabilities > Mcafee > Epolicy Orchestrator > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-22 CVE-2021-31835 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
4.8
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-06-10 CVE-2020-13938 Missing Authorization vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
local
low complexity
apache mcafee netapp CWE-862
5.5
2021-03-26 CVE-2021-23890 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server.
network
low complexity
mcafee CWE-200
6.5
2021-03-26 CVE-2021-23889 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
network
low complexity
mcafee CWE-79
4.8
2021-03-26 CVE-2021-23888 Open Redirect vulnerability in Mcafee Epolicy Orchestrator
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
network
low complexity
mcafee CWE-601
6.3
2020-10-14 CVE-2020-7318 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.10.9
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
low complexity
mcafee CWE-79
4.3
2020-10-14 CVE-2020-7317 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
low complexity
mcafee CWE-79
4.3
2020-01-15 CVE-2020-2593 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).
network
high complexity
oracle redhat debian canonical opensuse mcafee netapp
4.8
2019-10-16 CVE-2019-2975 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).
network
high complexity
oracle redhat netapp debian opensuse mcafee canonical
4.8