5.5

CVE-2022-0861

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
McafeeEpolicy Orchestrator Version < 5.10.0
McafeeEpolicy Orchestrator Version5.10.0 Update-
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_1
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_10
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_11
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_12
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_2
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_3
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_4
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_5
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_6
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_7
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_8
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.369
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.8 1.2 2.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
trellixpsirt@trellix.com 3.5 0.9 2.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.