CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6659 – SB10228 ePO Reflected Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2018-6659
02 Apr 2018 — Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 y 5.9.0 permite que los usuarios autenticados remotos exploten una vulnerabilidad Cross-Site Scripting (XSS) al no sanear las entradas realizadas por un usuario. • http://www.securityfocus.com/bid/103392 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 1%CPEs: 4EXPL: 0CVE-2018-6660 – SB10228 ePO Directory Traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-6660
02 Apr 2018 — Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. Vulnerabilidad de salto de directorio en McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 y 5.9.0 permite que los administradores utilicen flujos de datos de Windows alternativos. Esto se podría usar para omitir las ext... • http://www.securityfocus.com/bid/103392 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 3%CPEs: 3EXPL: 0CVE-2017-3980
https://notcve.org/view.php?id=CVE-2017-3980
18 May 2017 — A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. Una vulnerabilidad de salto de directorio en la Extensión ePO en McAfee ePolicy Orchestrator (ePO) versiones 5.9.0, 5.3.2 y 5.1.3 y anteriores permite a los usuarios autenticados remotos ejecutar un comando de su elección por medio de una sesión de ePO autenticada. • http://www.securityfocus.com/bid/98559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 18%CPEs: 2EXPL: 0CVE-2016-8027
https://notcve.org/view.php?id=CVE-2016-8027
14 Mar 2017 — SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. Vulnerabilidad de inyección SQL en servicios básicos en Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 y versiones anteriores y 5.1.3 y versiones anteriores permite a atacante... • http://www.securityfocus.com/bid/95981 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3902
https://notcve.org/view.php?id=CVE-2017-3902
13 Feb 2017 — Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. Vulnerabilidad de XSS en la interfaz Web de usuario (UI) en Intel Security ePO 5.1.3, 5.1.2, 5.1.1 y 5.1.0 permite a usuarios no autenticados inyectar secuencias de comandos Java maliciosos eludiendo la entrada de validación. • http://www.securityfocus.com/bid/96465 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8765
https://notcve.org/view.php?id=CVE-2015-8765
08 Jan 2016 — Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 y versiones anteriores, 5.0.x, 5.1.x en versiones anteriores a 5.1.3 Hotfix 1106041 y 5.3.x en versiones anteriores a 5.3.1 Hotfix 1106041 permiten a atacantes remotos ejecutar código... • https://kc.mcafee.com/corporate/index?page=content&id=SB10144 •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2015-2859
https://notcve.org/view.php?id=CVE-2015-2859
23 Jun 2015 — Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Intel McAfee ePolicy Orchestrator (ePO) 4.x hasta 4.6.9 y 5.x hasta 5.1.2 no valida los nombres de servidores y los nombres de de autoridades certificadoras en los certificados X.509 de servidores SSL, lo que ... • http://www.kb.cert.org/vuls/id/264092 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4559
https://notcve.org/view.php?id=CVE-2015-4559
15 Jun 2015 — Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la característica del despliegue de productos en los servicios web del núcleo de Java en Intel McAfee ePolicy Orchestrator (ePO) anterior a 5.1.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través ... • http://www.securityfocus.com/bid/91539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 58%CPEs: 5EXPL: 1CVE-2015-0921
https://notcve.org/view.php?id=CVE-2015-0921
09 Jan 2015 — XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. Vulnerabilidad de entidad externa XML (XXE) en el registro Server Task en McAfee ePolicy Orchestrator (ePO) anterior a 4.6.9 y 5.x anterior a 5.1.2 permite a usuarios remotos autenticados leer ficheros arbitrarios a través del parámetro co... • http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html •
CVSS: 9.8EPSS: 45%CPEs: 5EXPL: 2CVE-2015-0922
https://notcve.org/view.php?id=CVE-2015-0922
09 Jan 2015 — McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. McAfee ePolicy Orchestrator (ePO) anterior a 4.6.9 y 5.x anterior a 5.1.2 utiliza la misma clave en diferentes instalaciones para clientes, lo que permite a atacantes obtener la contraseña de administradores mediante el aprovechamiento del conocimiento de la contra... • http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •