McAfee ePolicy Orchestrator Multiple Vulnerabilities

Release Date: 29 Mar 2021 5390 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in McAfee ePolicy Orchestrator, a remote attacker could exploit some of these vulnerabilities trigger sensitive information disclosure and cross-site scripting on the targeted system.

Impact

Cross-Site Scripting
Information Disclosure

System / Technologies affected

Version ePO 5.9.1 prior to HF EPO-937000
Version ePO 5.10 prior to Update 10

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:
https://kc.mcafee.com/corporate/index?page=content&id=SB10352

Vulnerability Identifier

CVE-2021-23888
CVE-2021-23889
CVE-2021-23890

Source

McAfee
AusCERT