cbcvebase.

McAfee ePolicy Orchestrator vulnerabilities

85 known vulnerabilities affecting mcafee/epolicy_orchestrator.

Total CVEs: 85
CISA KEV: 0
Public exploits: 13
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 16, MEDIUM 46, LOW 18

Vulnerabilities

Page 4 of 5
CVE-2022-0858 | P4 | MEDIUM | CVSS 4.7 | fixed in 5.10.0 | v5.10.0 | 2022-03-23
CWE-79: A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of
nvd
CVE-2020-14792 | P4 | MEDIUM | CVSS 4.2 | v5.9.0, v5.9.1 +1 more | 2020-10-21
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu
nvd
CVE-2015-4559 | P4 | MEDIUM | CVSS 4.3 | ≤ 5.1.1 | 2015-06-15
CWE-79: Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2021-31835 | P4 | MEDIUM | CVSS 4.8 | fixed in 5.10.0 | v5.10.0 | 2021-10-22
CWE-79: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
nvd
CVE-2020-2756 | P4 | LOW | CVSS 3.7 | ≥ 5.9.0, < 5.10.0 | v5.10.0 | 2020-04-15
CWE-502: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2020-2757 | P4 | LOW | CVSS 3.7 | ≥ 5.9.0, < 5.10.0 | v5.10.0 | 2020-04-15
CWE-502: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
nvd
CVE-2020-14581 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-07-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of
nvd
CVE-2021-23889 | P4 | MEDIUM | CVSS 4.8 | fixed in 5.10.0 | v5.10.0 | 2021-03-26
CWE-79: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
nvd
CVE-2020-2590 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-01-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2012-4594 | P4 | MEDIUM | CVSS 4.0 | ≤ 4.6.1 | v2.0 +9 more | 2012-08-22
CWE-264: McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.
nvd
CVE-2022-0861 | P4 | LOW | CVSS 3.8 | fixed in 5.10.0 | v5.10.0 | 2022-03-23
CWE-611: An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.
nvd
CVE-2020-2754 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-04-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2020-14578 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-07-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of
nvd
CVE-2020-14579 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-07-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of
nvd
CVE-2020-2583 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-01-15
CWE-755: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd
nvd
CVE-2020-2755 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-04-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks
nvd
CVE-2020-2773 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-04-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at
nvd
CVE-2019-2894 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2019-10-16
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at
nvd
CVE-2020-14782 | P4 | LOW | CVSS 3.7 | v5.9.0, v5.9.1 +1 more | 2020-10-21
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2021-2432 | P4 | LOW | CVSS 3.7 | fixed in 5.10.0 | v5.10.0 | 2021-07-21
Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial deni
nvd