Summary
McAfee ePolicy Orchestrator is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to obtain the administrator password and gain access to arbitrary files.
Impact Level: Application
Solution
Upgrade to McAfee ePolicy Orchestrator version 4.6.9 or 5.1.2 or later. For updates, refer to www.mcafee.com/uk/products/epolicy-orchestrator.aspx
Insight
Multiple flaws exist:
- An incorrectly configured XML parser accepts XML external entities from an untrusted source.
- The application uses the same secret key across different customers' installations.
Affected
McAfee ePolicy Orchestrator versions before 4.6.9 and 5.x before 5.1.2
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2015-0921, CVE-2015-0922
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)