Vulnerabilities > Mcafee > Epolicy Orchestrator > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-2949 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos).
network
high complexity
oracle debian netapp redhat canonical opensuse mcafee
6.8
2019-07-23 CVE-2019-2816 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle debian opensuse hp mcafee canonical redhat
4.8
2019-07-23 CVE-2019-2769 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle debian canonical redhat hp mcafee opensuse
5.3
2019-07-23 CVE-2019-2762 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
network
low complexity
oracle canonical opensuse debian redhat mcafee hp
5.3
2019-07-23 CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).
local
high complexity
oracle debian canonical opensuse mcafee hp
5.1
2019-07-03 CVE-2019-3619 Cleartext Transmission of Sensitive Information vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.9.0/5.9.1
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
network
low complexity
mcafee CWE-319
4.9
2018-06-15 CVE-2018-6672 Information Exposure vulnerability in Mcafee Epolicy Orchestrator
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
network
low complexity
mcafee CWE-200
6.5
2018-06-15 CVE-2018-6671 Unspecified vulnerability in Mcafee Epolicy Orchestrator
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
network
low complexity
mcafee
6.5
2018-04-02 CVE-2018-6659 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
network
low complexity
mcafee CWE-79
5.4
2018-04-02 CVE-2018-6660 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
network
low complexity
mcafee CWE-22
4.9