CVE-2015-0921

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 9 January 2015

Summary

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.

References

http://secunia.com/advisories/61922

third-party-advisoryx_refsource_SECUNIA

http://seclists.org/fulldisclosure/2015/Jan/37

mailing-listx_refsource_FULLDISC

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 9, 2015
Vulnerability Reserved
Jan 9, 2015