SB10228 ePO Reflected Cross-Site Scripting vulnerability
CVE-2018-6659

3.7LOW

Key Information:

Vendor

Mcafee
Status
Epolicy Orchestrator (epo)
Vendor
CVE Published:
9 March 2018

What is CVE-2018-6659?

Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.

Affected Version(s)

ePolicy Orchestrator (ePO) 5.3.2

ePolicy Orchestrator (ePO) 5.3.1

ePolicy Orchestrator (ePO) 5.3.0

References

http://www.securityfocus.com/bid/103392
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040884
vdb-entryx_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.