cbcvebase.
CVE-2021-23888
published 2021-03-26

CVE-2021-23888: Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load…

PriorityP430medium6.3CVSS 3.1
AVNACLPRLUIRSUCHILAN
EPSS
0.60%
44.3th percentile
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.

Affected

3 ranges
VendorProductVersion rangeFixed in
mcafeeepolicy_orchestrator< 5.10.05.10.0
mcafeeepolicy_orchestrator
mcafee_llcmcafee_epolicy_orchestrator>= unspecified < 5.10 CU 105.10 CU 10

CVSS provenance

nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
nvdv2.04.9MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.