This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Mcafee
Product: Epolicy Orchestrator
Version: 3.0
Update: sp2a
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2004-06-14
Last view: 2023-11-17
 
CPE Product cpe:2.3:a:mcafee:epolicy_orchestrator

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5.4 2023-11-17 CVE-2023-5445

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

8 2023-11-17 CVE-2023-5444

A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

6.1 2023-07-26 CVE-2023-3946

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

6.1 2022-10-18 CVE-2022-3339

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

5.4 2022-10-18 CVE-2022-3338

An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.

5.3 2022-03-23 CVE-2022-0862

A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.

3.8 2022-03-23 CVE-2022-0861

An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.

6.7 2022-03-23 CVE-2022-0859

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

4.7 2022-03-23 CVE-2022-0858

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.

6.1 2022-03-23 CVE-2022-0857

A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.

4.9 2022-03-23 CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.

4.8 2021-10-22 CVE-2021-31835

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.

5.4 2021-10-22 CVE-2021-31834

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

7.4 2021-08-24 CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

4.3 2021-07-21 CVE-2021-2432

Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

5.3 2021-07-12 CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; Tomcat honoured the identity encoding; and Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

7.5 2021-07-12 CVE-2021-30639

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

4.3 2021-04-22 CVE-2021-2161

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

6.5 2021-03-26 CVE-2021-23890

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN.

4.8 2021-03-26 CVE-2021-23889

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

6.3 2021-03-26 CVE-2021-23888

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.

7.5 2021-02-16 CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

4.3 2020-10-14 CVE-2020-7318

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

4.3 2020-10-14 CVE-2020-7317

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitised.

3.7 2020-04-15 CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CWE : Common Weakness Enumeration

% id Name
31% (11) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
11% (4) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
8% (3) CWE-755 Improper Handling of Exceptional Conditions
8% (3) CWE-200 Information Exposure
5% (2) CWE-611 Information Leak Through XML External Entity File Disclosure
5% (2) CWE-502 Deserialization of Untrusted Data
5% (2) CWE-264 Permissions, Privileges, and Access Controls
5% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (1) CWE-522 Insufficiently Protected Credentials
2% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
2% (1) CWE-287 Improper Authentication
2% (1) CWE-190 Integer Overflow or Wraparound
2% (1) CWE-125 Out-of-bounds Read

SAINT Exploits

Description
McAfee HTTP header processing buffer overflow

Open Source Vulnerability Database (OSVDB)

id Description
29421 McAfee Multiple Products HTTP /spipe/pkg/ Source Header Remote Overflow
5626 McAfee ePolicy Orchestrator HTTP POST spipe/file Handler Arbitrary File Creation

ExploitDB Exploits

id Description
33071 McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0180 Multiple Vulnerabilities in McAfee ePO
Severity: Category I - VMSKEY: V0061149
2013-A-0098 Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity: Category I - VMSKEY: V0037763

Snort® IPS/IDS

Date Description
2014-01-10 McAfee header buffer overflow attempt
RuleID : 8441 - Type : SERVER-WEBAPP - Revision : 16
2017-01-25 McAfee ePolicy Orchestrator data channel SQL injection attempt
RuleID : 41410 - Type : SERVER-WEBAPP - Revision : 3
2015-03-06 McAfee ePolicy Orchestrator XML external entity injection attempt
RuleID : 33279 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28827 - Type : SERVER-OTHER - Revision : 3
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28826 - Type : SERVER-OTHER - Revision : 2
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28825 - Type : SERVER-OTHER - Revision : 2
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28824 - Type : SERVER-OTHER - Revision : 3
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28823 - Type : SERVER-OTHER - Revision : 2
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28822 - Type : SERVER-OTHER - Revision : 2
2014-01-10 McAfee ePolicy Orchestrator XSS attempt
RuleID : 28821 - Type : SERVER-OTHER - Revision : 3
2014-01-10 McAfee ePolicy Orchestrator timing based injection attempt
RuleID : 27724 - Type : SQL - Revision : 2
2014-01-10 McAfee ePolicy Orchestrator timing based injection attempt
RuleID : 27723 - Type : SQL - Revision : 2
2014-01-10 McAfee ePO file upload attempt
RuleID : 2562-community - Type : SERVER-WEBAPP - Revision : 9
2014-01-10 McAfee ePO file upload attempt
RuleID : 2562 - Type : SERVER-WEBAPP - Revision : 9

Nessus® Vulnerability Scanner

Date Description
2017-06-01 Name: A security management application installed on the remote Windows host is aff...
File: mcafee_epo_sb10196.nasl - Type: ACT_GATHER_INFO
2017-02-23 Name: The remote Windows host is affected by a blind SQL injection vulnerability.
File: mcafee_epo_sb10187.nasl - Type: ACT_GATHER_INFO
2016-02-08 Name: A security management application installed on the remote Windows host is aff...
File: mcafee_epo_sb10144.nasl - Type: ACT_GATHER_INFO
2015-01-30 Name: A security management application installed on the remote host is affected by...
File: mcafee_epo_sb10095.nasl - Type: ACT_GATHER_INFO
2014-02-27 Name: The remote host is affected by an XML entity injection vulnerability.
File: mcafee_epo_sb10065.nasl - Type: ACT_GATHER_INFO
2013-07-17 Name: A security management application on the remote host has multiple cross-site ...
File: mcafee_epo_kb78824.nasl - Type: ACT_GATHER_INFO
2013-07-01 Name: A security management application installed on the remote Windows host has a ...
File: mcafee_epo_sb10043.nasl - Type: ACT_GATHER_INFO
2013-05-04 Name: A security management application on the remote host has multiple vulnerabili...
File: mcafee_epo_sb10042.nasl - Type: ACT_GATHER_INFO
2006-10-03 Name: Arbitrary code can be executed on the remote host due to a flaw in the web se...
File: epolicy_orchestrator_overflow.nasl - Type: ACT_GATHER_INFO