6.5
CVE-2018-6671
- EPSS 4.7%
- Veröffentlicht 15.06.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:05
- Quelle trellixpsirt@trellix.com
- CVE-Watchlists
- Unerledigt
SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Epolicy Orchestrator Version >= 5.3.0 <= 5.3.3
Mcafee ≫ Epolicy Orchestrator Version >= 5.9.0 <= 5.9.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.7% | 0.906 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
| trellixpsirt@trellix.com | 4.7 | 1.6 | 2.7 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
|
http://www.securityfocus.com/bid/104485
http://www.securitytracker.com/id/1041155
https://kc.mcafee.com/corporate/index?page=content&id=SB10240
https://www.exploit-db.com/exploits/46518/