- Home
- CVEs with nessus.description==The version of McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is 4.x prior to 4.6.9 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities :
- An XXE (XML External Entity) injection vulnerability exists in the Server Task Log due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote, authenticated attacker, by sending specially crafted XML data via the 'conditionXML' parameter, can gain access to arbitrary files. (CVE-2015-0921)
- An information disclosure vulnerability exists due to the use of a shared secret key to encrypt password information. A remote attacker with knowledge of the key can decrypt the administrator password. (CVE-2015-0922)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top