CVE-2012-4594 — Epolicy Orchestrator vulnerability

CWE-2644 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 63.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator

Timeline

PublishedAug 22

Latest updateMay 17

Description

McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmcafee/epolicy_orchestrator4.6.1+10

🔴Vulnerability Details

GHSA

GHSA-v27p-mv6r-mg8c: McAfee ePolicy Orchestrator (ePO) 4↗2022-05-17

▶

CVEList

CVE-2012-4594: McAfee ePolicy Orchestrator (ePO) 4↗2012-08-22

▶

📋Vendor Advisories

Red Hat

kernel: send(m)msg: user pointer dereferences↗2011-08-25

▶