Vulnerabilities > Mcafee > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-18 CVE-2022-3339 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-08-30 CVE-2022-2330 XXE vulnerability in Mcafee Data Loss Prevention Endpoint
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
network
low complexity
mcafee CWE-611
6.5
2022-04-20 CVE-2022-1254 Open Redirect vulnerability in Mcafee web Gateway
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker.
network
low complexity
mcafee CWE-601
6.1
2022-04-14 CVE-2022-1257 Insecure Storage of Sensitive Information vulnerability in Mcafee Agent
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
local
low complexity
mcafee CWE-922
5.5
2022-03-23 CVE-2022-0857 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
6.1
2022-03-23 CVE-2022-0858 Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
network
low complexity
mcafee CWE-79
4.7
2022-03-23 CVE-2022-0859 Insufficiently Protected Credentials vulnerability in Mcafee Epolicy Orchestrator
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server.
local
low complexity
mcafee CWE-522
6.7
2022-03-23 CVE-2022-0862 Improper Authentication vulnerability in Mcafee Epolicy Orchestrator
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password.
network
low complexity
mcafee CWE-287
5.3
2022-03-23 CVE-2022-0842 SQL Injection vulnerability in Mcafee Epolicy Orchestrator
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database.
network
low complexity
mcafee CWE-89
4.9
2022-01-11 CVE-2022-0129 Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user.
local
low complexity
mcafee CWE-427
6.7