XML External Entity Vulnerability in McAfee ePolicy Orchestrator
CVE-2015-0921

Currently unrated

Key Information:

Vendor

Mcafee
Status
Epolicy Orchestrator
Vendor
CVE Published:
9 January 2015

What is CVE-2015-0921?

An XML external entity (XXE) vulnerability exists in the Server Task Log of McAfee ePolicy Orchestrator prior to version 4.6.9 and versions 5.x before 5.1.2. This flaw allows remote authenticated users to read arbitrary files by exploiting the conditionXML parameter when interacting with the taskLogTable and orionUpdateTableFilter.do. This can lead to unintended information disclosure, thereby compromising the integrity of sensitive data.

References

http://secunia.com/advisories/61922
third-party-advisoryx_refsource_SECUNIA
http://seclists.org/fulldisclosure/2015/Jan/37
mailing-listx_refsource_FULLDISC
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.