CVE-2015-0921
https://notcve.org/view.php?id=CVE-2015-0921
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
References:
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
http://seclists.org/fulldisclosure/2015/Jan/37
http://seclists.org/fulldisclosure/2015/Jan/8
http://secunia.com/advisories/61922
http://www.securitytracker.com/id/1031519
https://exchange.xforce.ibmcloud.com/vulnerabilities/99950
https://gist.github.com/brandonprry/692e553975bf29aeaf2c
https://kc.mcafee.com/corporate/index?page=content&id=SB10095
https://seclists.org/fulldisclosure/2015/Jan/8
CVE-2015-0922
https://notcve.org/view.php?id=CVE-2015-0922
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
References:
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
http://seclists.org/fulldisclosure/2015/Jan/37
http://seclists.org/fulldisclosure/2015/Jan/8
http://www.securityfocus.com/bid/72298
http://www.securitytracker.com/id/1031519
https://exchange.xforce.ibmcloud.com/vulnerabilities/99949
https://gist.github.com/brandonprry/692e553975bf29aeaf2c
https://kc.mcafee.com/corporate/index?page=content&id=SB10095
https://seclists.org/fulldisclosure/2015/Jan/8
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8522
https://notcve.org/view.php?id=CVE-2014-8522
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
References:
https://kc.mcafee.com/corporate/index?page=content&id=SB10053
CWE-287: Improper Authentication
CVE-2014-8525
https://notcve.org/view.php?id=CVE-2014-8525
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References:
http://www.securityfocus.com/bid/70823
https://exchange.xforce.ibmcloud.com/vulnerabilities/98431
https://kc.mcafee.com/corporate/index?page=content&id=SB10053
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8531
https://notcve.org/view.php?id=CVE-2014-8531
The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors.
References:
http://www.securityfocus.com/bid/70831
https://exchange.xforce.ibmcloud.com/vulnerabilities/98432
https://kc.mcafee.com/corporate/index?page=content&id=SB10053
CWE-310: Cryptographic Issues