Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.3
CVE Id: CVE-2014-2205
Last Modified: 05 Mar 2014 11:51:01
Published: 26 Feb 2014 10:55:08
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2014-2205

Summary

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.

Vulnerable Systems

Application

  • McAfee ePolicy Orchestrator 4.6.0
  • McAfee ePolicy Orchestrator 4.6.1
  • McAfee ePolicy Orchestrator 4.6.2
  • McAfee ePolicy Orchestrator 4.6.3
  • McAfee ePolicy Orchestrator 4.6.4
  • McAfee ePolicy Orchestrator 4.6.5
  • McAfee ePolicy Orchestrator 4.6.6
  • McAfee ePolicy Orchestrator 4.6.7


References

MISC - https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10065

SECUNIA - 57114

BID - 65771

BUGTRAQ - 20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard


Last Updated: 27 May 2016 10:56:45