Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4594

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-4594
Last Modified 04 Apr 2013 11:13:33
Published 22 Aug 2012 06:42:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4594

Summary

McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.

Vulnerable Systems

Application

  • Mcafee Epolicy Orchestrator

  • Mcafee Epolicy Orchestrator 2.0

  • Mcafee Epolicy Orchestrator 2.5

  • Mcafee Epolicy Orchestrator 2.5.1

  • Mcafee Epolicy Orchestrator 3.0

  • Mcafee Epolicy Orchestrator 3.5.0

  • Mcafee Epolicy Orchestrator 3.6.0

  • Mcafee Epolicy Orchestrator 3.6.1

  • Mcafee Epolicy Orchestrator 4.0

  • Mcafee Epolicy Orchestrator 4.5.0

  • Mcafee Epolicy Orchestrator 4.6.0

  • Mcafee Epolicy Orchestrator 4.6.1


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10025

XF - mcafee-epolicy-idvalue-info-disc(78132)


Last Updated: 27 May 2016 11:00:18