Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee epolicy orchestrator vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2022-0861
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a remote administrator malicious user to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential i...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.3
CVSSv2
CVE-2022-0862
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a remote malicious user to change the password of a compromised session without knowing the existing user's password. This fun...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.9
CVSSv2
CVE-2021-23888
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
3.5
CVSSv2
CVE-2021-23889
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
4.4
CVSSv2
CVE-2022-0859
McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13 allows a local malicious user to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server...
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
10
CVSSv2
CVE-2006-5156
Buffer overflow in McAfee ePolicy Orchestrator prior to 3.5.0.720 and ProtectionPilot prior to 1.1.1.126 allows remote malicious users to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
Mcafee Protectionpilot 1.1.1
Mcafee Epolicy Orchestrator 3.0
Mcafee Epolicy Orchestrator 3.5.0
2 EDB exploits
4.3
CVSSv2
CVE-2021-2432
Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful atta...
Oracle Jdk 1.7.0
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
2.1
CVSSv2
CVE-2020-13938
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
Apache Http Server
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
Netapp Cloud Backup -
7.6
CVSSv2
CVE-2006-5274
Integer overflow in McAfee ePolicy Orchestrator 3.5 up to and including 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote malicious users to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code v...
Mcafee Common Management Agent 3.6.0.438
Mcafee Protectionpilot 1.5.0
Mcafee Epolicy Orchestrator 3.5.0
Mcafee Epolicy Orchestrator 3.6.0
Mcafee Protectionpilot 1.1.1
6.5
CVSSv2
CVE-2017-3980
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and previous versions allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
Mcafee Epolicy Orchestrator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »