Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee epolicy orchestrator 5.10.0 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-31834
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
3.5
CVSSv2
CVE-2021-23889
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.3
CVSSv2
CVE-2021-31835
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.4
CVSSv2
CVE-2022-0859
McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a local malicious user to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.3
CVSSv2
CVE-2022-0862
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a remote malicious user to change the password of a compromised session without knowing the existing user's password. This fun...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
NA
CVE-2023-3946
A reflected cross-site scripting (XSS) vulnerability in ePO before 5.10 SP1 Update 1allows a remote unauthenticated malicious user to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafte...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.9
CVSSv2
CVE-2021-23888
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
5.8
CVSSv2
CVE-2021-23890
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4
CVSSv2
CVE-2022-0842
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a remote authenticated malicious user to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.3
CVSSv2
CVE-2022-0857
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a remote malicious user to potentially obtain access to an ePO administrator's session by convincing the malicious user to click on a carefully c...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »