Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mcafee epolicy orchestrator vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-4559
Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) prior to 5.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mcafee Epolicy Orchestrator
10
CVSSv3
CVE-2016-8027
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and previous versions and 5.1.3 and previous versions allows malicious users to alter a SQL query, which can result in disclosure of information within the database or impersona...
Mcafee Epolicy Orchestrator
6.5
CVSSv3
CVE-2018-6671
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 up to and including 5.3.3 and 5.9.0 up to and including 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted...
Mcafee Epolicy Orchestrator
1 EDB exploit
6.5
CVSSv3
CVE-2018-6672
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 up to and including 5.3.3 and 5.9.0 up to and including 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
Mcafee Epolicy Orchestrator
4.3
CVSSv3
CVE-2020-7317
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) before 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
Mcafee Epolicy Orchestrator
4.3
CVSSv3
CVE-2020-7318
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) before 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Mcafee Epolicy Orchestrator
7.2
CVSSv3
CVE-2017-3980
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and previous versions allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
Mcafee Epolicy Orchestrator
8.3
CVSSv3
CVE-2015-8765
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and previous versions, 5.0.x, 5.1.x prior to 5.1.3 Hotfix 1106041, and 5.3.x prior to 5.3.1 Hotfix 1106041 allow remote malicious users to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Coll...
Mcafee Epolicy Orchestrator
8.8
CVSSv3
CVE-2019-3604
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.
Mcafee Epolicy Orchestrator
NA
CVE-2006-3623
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and previous versions allows remote malicious users to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
Mcafee Epolicy Orchestrator Agent
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »