McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-02 August13

Summary
This host is running McAfee ePolicy Orchestrator and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site, and to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Solution
Upgrade to McAfee ePolicy Orchestrator version 4.5.7 or higher. For updates, refer to http://www.mcafee.com/in/products/epolicy-orchestrator.aspx
Insight
Multiple flaws are due to improper sanitization of user-supplied input via:
- 'instanceId' parameter upon submission to the /core/loadDisplayType.do script.
- 'instanceId', 'orion.user.security.token', and 'ajaxMode' parameters upon submission to the /console/createDashboardContainer.do script.
- 'uid' parameter upon submission to the /core/showRegisteredTypeDetails.do and /ComputerMgmt/sysDetPanelBoolPie.do scripts.
- 'uid', 'orion.user.security.token', and 'ajaxMode' parameters upon submission to the /ComputerMgmt/sysDetPanelSummary.do and /ComputerMgmt/sysDetPanelQry.do scripts.
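For log review on a server that has not yet been upgraded, the script and parameter pairs listed above can be turned into a simple access-log check. This is an added example, not part of the original advisory or of any McAfee tooling; the log format (Common Log Format style), the "benign value" pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters, taken from the advisory's Insight section.
_SHARED = {"orion.user.security.token", "ajaxMode"}
AFFECTED = {
    "/core/loadDisplayType.do": {"instanceId"},
    "/console/createDashboardContainer.do": {"instanceId"} | _SHARED,
    "/core/showRegisteredTypeDetails.do": {"uid"},
    "/ComputerMgmt/sysDetPanelBoolPie.do": {"uid"},
    "/ComputerMgmt/sysDetPanelSummary.do": {"uid"} | _SHARED,
    "/ComputerMgmt/sysDetPanelQry.do": {"uid"} | _SHARED,
}

# Assumption: legitimate values are short tokens of letters, digits and . _ -
BENIGN = re.compile(r"[A-Za-z0-9._-]{0,128}")
# Assumption: the request is logged as "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2013:10:00:00 +0000] "GET /core/loadDisplayType.do?instanceId=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Aug/2013:10:00:05 +0000] "GET /core/showRegisteredTypeDetails.do?uid=7%27 HTTP/1.1" 500 0',
    '192.0.2.11 - - [01/Aug/2013:10:00:09 +0000] "GET /console/createDashboardContainer.do?instanceId=1&ajaxMode=%3Cb%3E HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Aug/2013:10:01:00 +0000] "GET /example/other.do?uid=%27 HTTP/1.1" 200 10',
]

def review(lines):
    """Return (line number, script, parameter) for each listed parameter
    whose decoded value falls outside the assumed benign pattern."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        path = target.path.split(";")[0]  # drop any ;jsessionid=... suffix
        params = AFFECTED.get(path)
        if params is None:
            continue
        # parse_qsl percent-decodes once; a leftover '%' is itself flagged.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name in params and not BENIGN.fullmatch(value):
                findings.append((lineno, path, name))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in a standard access log, so this check only covers values passed in the query string.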
Affected
McAfee ePolicy Orchestrator (ePO) version 4.6.6 and earlier
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.