ePolicy Orchestrator Cloud update fixes multiple Cross-Site Request Forgery vulnerabilities
CVE-2019-3604

4.8MEDIUM

Key Information:

Vendor: Mcafee, Llc
Status: Epolicy Orchestrator Cloud
Vendor: CVE Published:; 1 February 2019

Summary

Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.

Affected Version(s)

ePolicy Orchestrator Cloud Cloud < unspecified

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106830

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2019
Vulnerability Reserved
Jan 3, 2019