CVE-2022-0861XML External Entity (XXE) Injection in LLC Mcafee Epolicy Orchestrator

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
3.8LOWNVD
CNA3.5
EPSS
0.2%
top 63.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mcafee LLC Mcafee Epolicy OrchestratorMcafee Epolicy Orchestrator
Timeline
PublishedMar 23
Latest updateMar 24

Description

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages2 packages

CVEListV5mcafee_llc/mcafee_epolicy_orchestratorunspecified5.10 CU 13

🔴Vulnerability Details

2
GHSA
GHSA-pc2g-2g3x-j4c9: A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 52022-03-24
CVEList
ePO XML extended entity vulnerability2022-03-23
CVE-2022-0861 — XML External Entity (XXE) Injection | cvebase