Skip to main content

McAfee ePolicy Orchestrator Multiple Vulnerabilities

Release Date: 25 Oct 2021 5088 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in McAfee EPolicy Orchestrator, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation and cross-site scripting on the targeted system.

 

Notes:

  • Proof Of Concept Exploit Code Is Publicly Available for CVE-2021-23840

Impact

  • Cross-Site Scripting
  • Information Disclosure
  • Denial of Service
  • Data Manipulation

System / Technologies affected

  • Version ePO 5.10 prior to CU 11

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor:
    Update to version ePO 5.10 CU 11

Vulnerability Identifier


Source


Related Link