CVE-2013-0141 — Path Traversal in Epolicy Orchestrator

CWE-22 — Path Traversal5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 37.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mcafee Epolicy Orchestrator
Timeline
PublishedMay 1
Latest updateMay 5

Description

Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.

CVSS vector

AV:A/AC:M/C:P/I:P/A:NExploitability: 5.5 | Impact: 4.9

Affected Packages1 packages

â–¶NVDmcafee/epolicy_orchestrator4.5.6+18

🔴Vulnerability Details

2
GHSA
GHSA-xw72-87hw-9gf3: Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4↗2022-05-05
â–¶
CVEList
CVE-2013-0141: Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4↗2013-05-01
â–¶

💥Exploits & PoCs

1
Exploit-DB
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities↗2014-04-28
â–¶

💬Community

1
Bugzilla
CVE-2012-5531 GateIn Portal: Reflected Cross-Site Scripting (XSS)↗2012-11-16
â–¶
CVE-2013-0141 — Path Traversal in Mcafee | cvebase