Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-3339 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. | 6.1 |
| 2022-08-30 | CVE-2022-2330 | XXE vulnerability in Mcafee Data Loss Prevention Endpoint Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 |
| 2022-04-20 | CVE-2022-1254 | Open Redirect vulnerability in Mcafee web Gateway A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. | 6.1 |
| 2022-04-14 | CVE-2022-1257 | Insecure Storage of Sensitive Information vulnerability in Mcafee Agent Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. | 5.5 |
| 2022-03-23 | CVE-2022-0857 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. | 6.1 |
| 2022-03-23 | CVE-2022-0858 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. | 4.7 |
| 2022-03-23 | CVE-2022-0859 | Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. | 6.7 |
| 2022-03-23 | CVE-2022-0862 | Improper Authentication vulnerability in Mcafee Epolicy Orchestrator A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. | 5.3 |
| 2022-03-23 | CVE-2022-0842 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. | 4.9 |
| 2022-01-11 | CVE-2022-0129 | Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17 Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. | 6.7 |