5.5
CVE-2022-0861
- EPSS 0.16%
- Published 23.03.2022 15:15:08
- Last modified 21.11.2024 06:39:32
- Source trellixpsirt@trellix.com
- Teams watchlist Login
- Open Login
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.
Data is provided by the National Vulnerability Database (NVD)
Mcafee ≫ Epolicy Orchestrator Version < 5.10.0
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Update-
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_1
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_10
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_11
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_12
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_2
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_3
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_4
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_5
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_6
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_7
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_8
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.369 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.8 | 1.2 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
| trellixpsirt@trellix.com | 3.5 | 0.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.