Summary
This host is running McAfee ePolicy Orchestrator and is prone to security bypass vulnerability.
Impact
Successful exploitation will allow remote authenticated attacker to gain access to potentially sensitive information.
Solution
According to vendor advisory, No remediation steps are required.
https://kc.mcafee.com/corporate/index?page=content&id=SB10025
Insight
Flaw is due to an improper parsing of an ID value in a console URL.
Affected
McAfee ePolicy Orchestrator (ePO) version 4.6.1 and earlier
Detection
Get the installed version with the help detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-4594 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability