McAfee ePO unvalidated URL redirect vulnerability
CVE-2021-23888

6.3MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Epolicy Orchestrator (epo)
Vendor: CVE Published:; 26 March 2021

What is CVE-2021-23888?

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.

Affected Version(s)

McAfee ePolicy Orchestrator (ePO) < 5.10 CU 10

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2021
Vulnerability Reserved
Jan 12, 2021

Mcafee,llc

What is CVE-2021-23888?

Affected Version(s)

References

CVSS V3.1

Timeline