Vulnerabilities > Mcafee > Epolicy Orchestrator > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-15 | CVE-2018-6671 | Unspecified vulnerability in Mcafee Epolicy Orchestrator Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | 6.5 |
| 2018-04-02 | CVE-2018-6659 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | 5.4 |
| 2018-04-02 | CVE-2018-6660 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | 4.9 |
| 2017-02-13 | CVE-2017-3902 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. | 5.4 |