XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) prior to 4.6.9 and 5.x prior to 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee epolicy orchestrator |
||
mcafee epolicy orchestrator 5.0.0 |
||
mcafee epolicy orchestrator 5.0.1 |
||
mcafee epolicy orchestrator 5.1.0 |
||
mcafee epolicy orchestrator 5.1.1 |