CVE-2022-3338
published 2022-10-18

Priority: P4 (32)
CVSS 3.1: 5.4 (medium), AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.46% (36.3th percentile)

An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server-Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing a carefully constructed XML file through the API.

Affected (3 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | epolicy_orchestrator | < 5.10.0 | 5.10.0 |
| mcafee | epolicy_orchestrator | | |
| trellix | trellix_epolicy_orchestrator | >= unspecified < 5.10 Update 14 | 5.10 Update 14 |