An External XML entity (XXE) vulnerability in ePO before 5.10 Update 14 can lead to an unauthenticated remote malicious user to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee epolicy orchestrator 5.10.0 |
||
mcafee epolicy orchestrator |