CVE-2014-2205
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
El Framework Import and Export en McAfee ePolicy Orchestrator (ePO) anterior a 4.6.7 Hotfix 940148 permite a usuarios remotos autenticados con permisos para aƱadir cuadros de mando leer archivos arbitrarios mediante la importaciĆ³n de un archivo XML manipilado, relacionado con un problema de XML External Entity (XXE).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-02-26 CVE Reserved
- 2014-02-26 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/531255/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/65771 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/57114 | 2018-10-09 | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10065 | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | <= 4.6.7 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version " <= 4.6.7" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.0 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.1 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.1" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.2 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.2" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.3 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.3" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.4 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.4" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.5 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.5" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Epolicy Orchestrator Search vendor "Mcafee" for product "Epolicy Orchestrator" | 4.6.6 Search vendor "Mcafee" for product "Epolicy Orchestrator" and version "4.6.6" | - |
Affected
| ||||||