SB10228 ePO Directory Traversal vulnerability
CVE-2018-6660

6.2MEDIUM

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator (epo)
Vendor: CVE Published:; 9 March 2018

Summary

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

Affected Version(s)

ePolicy Orchestrator (ePO) 5.3.2

ePolicy Orchestrator (ePO) 5.3.1

ePolicy Orchestrator (ePO) 5.3.0

References

http://www.securityfocus.com/bid/103392

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1040884

vdb-entryx_refsource_SECTRACK

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Feb 6, 2018

.