McAfee ePolicy Orchestrator vulnerabilities

85 known vulnerabilities affecting mcafee/epolicy_orchestrator.

Total CVEs: 85
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 16, MEDIUM 46, LOW 18

Vulnerabilities

Page 3 of 5
CVE-2020-2654 | LOW | CVSS 3.7 | v5.9.0, v5.9.1, +1 more | 2020-01-15
CVE-2020-2654 [LOW]: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized a
nvd
CVE-2020-2583 | LOW | CVSS 3.7 | v5.9.0, v5.9.1, +1 more | 2020-01-15
CVE-2020-2583 [LOW] CWE-755: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd
nvd
CVE-2020-2590 | LOW | CVSS 3.7 | v5.9.0, v5.9.1, +1 more | 2020-01-15
CVE-2020-2590 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2019-2949 | MEDIUM | CVSS 6.8 | v5.9.0, v5.9.1, +1 more | 2019-10-16
CVE-2019-2949 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerabil
nvd
CVE-2019-2975 | MEDIUM | CVSS 4.8 | v5.9.0, v5.9.1, +1 more | 2019-10-16
CVE-2019-2975 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attac
nvd
CVE-2019-2933 | LOW | CVSS 3.1 | v5.9.0, v5.9.1, +1 more | 2019-10-16
CVE-2019-2933 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a
nvd
CVE-2019-2894 | LOW | CVSS 3.7 | v5.9.0, v5.9.1, +1 more | 2019-10-16
CVE-2019-2894 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at
nvd
CVE-2019-2762 | MEDIUM | CVSS 5.3 | v5.9.0, v5.9.1, +1 more | 2019-07-23
CVE-2019-2762 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2019-2769 | MEDIUM | CVSS 5.3 | v5.9.0, v5.9.1, +1 more | 2019-07-23
CVE-2019-2769 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2019-2816 | MEDIUM | CVSS 4.8 | v5.9.0, v5.9.1, +1 more | 2019-07-23
CVE-2019-2816 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2019-2745 | MEDIUM | CVSS 5.1 | v5.9.0, v5.9.1, +1 more | 2019-07-23
CVE-2019-2745 [MEDIUM]: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in un
nvd
CVE-2019-2766 | LOW | CVSS 3.1 | v5.9.0, v5.9.1, +1 more | 2019-07-23
CVE-2019-2766 [LOW]: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2019-2842 | LOW | CVSS 3.7 | v5.9.0, v5.9.1, +1 more | 2019-07-23
CVE-2019-2842 [LOW]: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial d
nvd
CVE-2019-3619 | MEDIUM | CVSS 4.9 | v5.9.0, v5.9.1, +1 more | 2019-07-03
CVE-2019-3619 [MEDIUM] CWE-319: Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
nvd
CVE-2019-2602 | HIGH | CVSS 7.5 | v5.9.0, v5.9.1, +1 more | 2019-04-23
CVE-2019-2602 [HIGH] CWE-400: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2018-6672 | MEDIUM | CVSS 6.5 | ≥ 5.3.0, ≤ 5.3.3; ≥ 5.9.0, ≤ 5.9.1; +2 more | 2018-06-15
CVE-2018-6672 [MEDIUM] CWE-200: Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
cvelistv5, nvd
CVE-2018-6671 | MEDIUM | CVSS 6.5 | PoC | ≥ 5.3.0, ≤ 5.3.3; ≥ 5.9.0, ≤ 5.9.1; +2 more | 2018-06-15
CVE-2018-6671 [MEDIUM]: Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
cvelistv5, nvd
CVE-2017-3936 | CRITICAL | CVSS 9.8 | v5.1.0, v5.1.1, +8 more | 2018-06-13
CVE-2017-3936 [CRITICAL] CWE-78: OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
cvelistv5, nvd
CVE-2018-6659 | MEDIUM | CVSS 5.4 | v5.3.0, v5.3.1, +2 more | 2018-04-02
CVE-2018-6659 [MEDIUM] CWE-79: Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
cvelistv5, nvd
CVE-2018-6660 | MEDIUM | CVSS 4.9 | v5.3.0, v5.3.1, +2 more | 2018-04-02
CVE-2018-6660 [MEDIUM] CWE-22: Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
cvelistv5, nvd