Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2015-0921
Last Modified 22 Jan 2015 09:02:58
Published 09 Jan 2015 01:59:10
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-0921

Summary

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.

Vulnerable Systems

Application

  • McAfee ePolicy Orchestrator 4.6.8
  • McAfee ePolicy Orchestrator 5.0.0
  • McAfee ePolicy Orchestrator 5.0.1
  • McAfee ePolicy Orchestrator 5.1.0
  • McAfee ePolicy Orchestrator 5.1.1


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10095

FULLDISC - 20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

MISC - http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html

FULLDISC - 20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

XF - macafee-cve20150921-info-disc(99950)


Last Updated: 27 May 2016 11:07:30