McAfee ePolicy Orchestrator vulnerabilities
85 known vulnerabilities affecting mcafee/epolicy_orchestrator.
Total CVEs: 85
CISA KEV: 0
Public exploits: 13
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 16, MEDIUM 46, LOW 18
Vulnerabilities
Page 3 of 5
CVE-2021-23888 | P4 | MEDIUM | CVSS 6.3 | CWE-601 | fixed in 5.10.0 | v5.10.0 | 2021-03-26
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
nvd
CVE-2019-2762 | P4 | MEDIUM | CVSS 5.3 | v5.9.0, v5.9.1 +1 more | 2019-07-23
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2019-2769 | P4 | MEDIUM | CVSS 5.3 | v5.9.0, v5.9.1 +1 more | 2019-07-23
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2022-0842 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | fixed in 5.10.0 | v5.10.0 | 2022-03-23
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
nvd
CVE-2023-5445 | P4 | MEDIUM | CVSS 5.4 | CWE-601 | fixed in 5.10.0 | v5.10.0 | 2023-11-17
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit t
nvd
CVE-2003-0148 | P4 | HIGH | CVSS 7.2 | v2.0, v2.5 +2 more | 2003-08-27
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password
nvd
CVE-2020-2593 | P4 | MEDIUM | CVSS 4.8 | v5.9.0, v5.9.1 +1 more | 2020-01-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succ
nvd
CVE-2019-2816 | P4 | MEDIUM | CVSS 4.8 | v5.9.0, v5.9.1 +1 more | 2019-07-23
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2018-6660 | P4 | MEDIUM | CVSS 4.9 | CWE-22 | v5.3.0, v5.3.1 +2 more | 2018-04-02
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
nvd
CVE-2019-3619 | P4 | MEDIUM | CVSS 4.9 | CWE-319 | v5.9.0, v5.9.1 +1 more | 2019-07-03
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
nvd
CVE-2022-3339 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.10.0 | v5.10.0 | 2022-10-18
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability
nvd
CVE-2023-3946 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.10.0 | v5.10.0 | 2023-07-26
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited abilit
nvd
CVE-2019-2975 | P4 | MEDIUM | CVSS 4.8 | v5.9.0, v5.9.1 +1 more | 2019-10-16
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attac
nvd
CVE-2022-0857 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.10.0 | v5.10.0 | 2022-03-23
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited abili
nvd
CVE-2015-2859 | P4 | MEDIUM | CVSS 5.8 | CWE-310 | v4.0, v4.5.0 +20 more | 2015-06-23
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2003-0610 | P4 | MEDIUM | CVSS 5.0 | v3.0 | 2003-08-27
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
nvd
CVE-2021-31834 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.10.0 | v5.10.0 | 2021-10-22
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
nvd
CVE-2017-3902 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v5.1.0, v5.1.1 +2 more | 2017-02-13
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
nvd
CVE-2019-2745 | P4 | MEDIUM | CVSS 5.1 | v5.9.0, v5.9.1 +1 more | 2019-07-23
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in un
nvd
CVE-2018-6659 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v5.3.0, v5.3.1 +2 more | 2018-04-02
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
nvd