McAfee ePolicy Orchestrator (ePO) 5.10.0 Service Pack 1 Update

CPE Details

McAfee ePolicy Orchestrator (ePO) 5.10.0 Service Pack 1 Update
mcafee
epolicy_orchestrator
5.10.0
2023-12-09
03h54 +00:00
2023-12-09
03h54 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update:*:*:*:*:*:*

Informations

Vendor

mcafee

Product

epolicy_orchestrator

Version

5.10.0

Update

service_pack_1_update

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-5445 2023-11-17 10h01 +00:00 An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
5.4
Medium
CVE-2023-5444 2023-11-17 09h47 +00:00 A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
8
High
CVE-2021-31835 2021-10-22 09h05 +00:00 Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
4.8
Medium
CVE-2020-7317 2020-10-14 16h20 +00:00 Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
4.6
Medium
CVE-2020-7318 2020-10-14 16h20 +00:00 Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
4.6
Medium
CVE-2019-3619 2019-07-03 11h40 +00:00 Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.
6.8
Medium
CVE-2019-3604 2019-02-01 15h00 +00:00 Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.
8.8
High
CVE-2012-4594 2012-08-22 08h00 +00:00 McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.
4