Summary
McAfee ePolicy Orchestrator is prone to an XML External Entity vulnerability
Impact
An attacker can exploit this issue to gain access to sensitive information from the application
this may lead to further attacks.
Solution
Updates are available.
Insight
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
Affected
McAfee ePolicy Orchestrator 4.6.7 and prior are vulnerable.
Detection
Check the version
References
Severity
Classification
-
CVE CVE-2014-2205 -
CVSS Base Score: 6.3
AV:N/AC:M/Au:S/C:C/I:N/A:N
Related Vulnerabilities