CVE-2018-6660: Path Traversal in ePolicy Orchestrator

CWE-22: Path Traversal | 3 documents | 3 sources
Severity: 4.9 MEDIUM (NVD) | CNA: 6.2
EPSS: 1.0% (top 22.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 2
Latest update: May 13

Description

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: mcafee/epolicy_orchestrator | 4 versions +3
NVD: mcafee/epolicy_orchestrator | 4 versions +3

Vulnerability Details (2)

GHSA: GHSA-3w6h-pp32-qhj8: Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5 | 2022-05-13
CVEList: SB10228 ePO Directory Traversal vulnerability | 2018-04-02
CVE-2018-6660 — Path Traversal in Mcafee | cvebase