CVSS: 6.3EPSS: 0%CPEs: 11EXPL: 0CVE-2021-23888 – McAfee ePO unvalidated URL redirect vulnerability
https://notcve.org/view.php?id=CVE-2021-23888
26 Mar 2021 — Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. Una vulnerabilidad de redireccionamiento de la URL del lado del cliente no comprobada en McAfee ePolicy Orchestrator (ePO) versiones anteriores a 5.10 Update 10, podría causar a un usuario de ePO autenticado cargar un sitio no confiable en un iframe de ePO que... • https://kc.mcafee.com/corporate/index?page=content&id=SB10352 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-23889 – McAfee ePO Cross-site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2021-23889
26 Mar 2021 — Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. Una vulnerabilidad de tipo Cross-Site Scripting en McAfee ePolicy Orchestrator (ePO) versiones anteriores a 5.10 Update 10, permite a administradores de ePO inyectar script web o HTML arbitrario por medio de múltiples parámetros donde las entradas del administrad... • https://kc.mcafee.com/corporate/index?page=content&id=SB10352 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 67EXPL: 1CVE-2021-23840 – Integer overflow in CipherUpdate
https://notcve.org/view.php?id=CVE-2021-23840
16 Feb 2021 — Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrad... • https://github.com/Trinadh465/openssl-1.1.1g_CVE-2021-23840 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7317 – ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7317
14 Oct 2020 — Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. Una vulnerabilidad de tipo Cross-Site Scripting en McAfee ePolicy Orchistrator (ePO) versiones anteriores a 5.10.9 Update 9, permite a administradores inyectar script web o HTML arbitrario por medio de valores de parámetros para "syncPointList" no ha sido saneado correctamente • https://kc.mcafee.com/corporate/index?page=content&id=SB10332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 2CVE-2018-6671 – SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability
https://notcve.org/view.php?id=CVE-2018-6671
15 Jun 2018 — Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. Vulnerabilidad de omisión de la protección de la aplicación en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y desde la versión 5.9.0 hasta la 5.9.1 permite que usuarios remotos autenticados omitan la protección de ... • https://packetstorm.news/files/id/152027 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6672 – SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity
https://notcve.org/view.php?id=CVE-2018-6672
15 Jun 2018 — Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. Vulnerabilidad de divulgación de información en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y de la versión 5.9.0 a la 5.9.1 permite que usuarios autenticados vean información sensible en formato de texto plano mediante vectores sin especificar. • http://www.securityfocus.com/bid/104485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 7EXPL: 0CVE-2017-3936 – McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2017-3936
13 Jun 2018 — OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. Vulnerabilidad de inyección de comandos del sistema operativo en McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1 y 5.1.0 permite que los atacantes ejecuten comandos del sistema operativo con privilegios lim... • http://www.securityfocus.com/bid/103155 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6659 – SB10228 ePO Reflected Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2018-6659
02 Apr 2018 — Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 y 5.9.0 permite que los usuarios autenticados remotos exploten una vulnerabilidad Cross-Site Scripting (XSS) al no sanear las entradas realizadas por un usuario. • http://www.securityfocus.com/bid/103392 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 1%CPEs: 4EXPL: 0CVE-2018-6660 – SB10228 ePO Directory Traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-6660
02 Apr 2018 — Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. Vulnerabilidad de salto de directorio en McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 y 5.9.0 permite que los administradores utilicen flujos de datos de Windows alternativos. Esto se podría usar para omitir las ext... • http://www.securityfocus.com/bid/103392 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 3%CPEs: 3EXPL: 0CVE-2017-3980
https://notcve.org/view.php?id=CVE-2017-3980
18 May 2017 — A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. Una vulnerabilidad de salto de directorio en la Extensión ePO en McAfee ePolicy Orchestrator (ePO) versiones 5.9.0, 5.3.2 y 5.1.3 y anteriores permite a los usuarios autenticados remotos ejecutar un comando de su elección por medio de una sesión de ePO autenticada. • http://www.securityfocus.com/bid/98559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •