McAfee ePO Cross-site Scripting vulnerability
CVE-2021-23889

3.5LOW

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Epolicy Orchestrator (epo)
Vendor: CVE Published:; 26 March 2021

What is CVE-2021-23889?

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Affected Version(s)

McAfee ePolicy Orchestrator (ePO) < 5.10 CU 10

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2021
Vulnerability Reserved
Jan 12, 2021

Mcafee,llc

What is CVE-2021-23889?

Affected Version(s)

References

CVSS V3.1

Timeline