McAfee ePolicy Orchestrator Multiple Vulnerabilities

Release Date: 25 Oct 2021 4944 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in McAfee EPolicy Orchestrator, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation and cross-site scripting on the targeted system.

 

Notes:

  • Proof Of Concept Exploit Code Is Publicly Available for CVE-2021-23840

Impact

  • Cross-Site Scripting
  • Information Disclosure
  • Denial of Service
  • Data Manipulation

System / Technologies affected

  • Version ePO 5.10 prior to CU 11

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor:
    Update to version ePO 5.10 CU 11

Vulnerability Identifier

Source

Related Link

Related Tags

McAfeeePolicy Orchestrator (ePO)Proof of ConceptCross Site ScriptingInformation DisclosureDenial of ServiceData Manipulation

Share with

Previous

Cisco Products Multiple Vulnerabilities

22 Oct 2021 5083 Views

Next

Pulse Connect Secure Denial of Service Vulnerability

26 Oct 2021 4874 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY