PT-2005-3446 · Mcafee · Epolicy Orchestrator Agent

Publicado

2005-08-12

Atualizado

2017-07-11

CVE-2005-2554

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ePolicy Orchestrator Agent version 3.5.0 (patch 3)

Description The issue concerns insecure permissions for the Common FrameworkDb folder in the web server, allowing local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

Recommendations For version 3.5.0 (patch 3), consider restricting access to the Common FrameworkDb folder to prevent local users from reading arbitrary files. As a temporary workaround, restrict write access to the EPO agent web root directory to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-2554

Produtos afetados

Epolicy Orchestrator Agent

PT-2005-3446 · Mcafee · Epolicy Orchestrator Agent

CVE-2005-2554

Identificadores relacionados

Produtos afetados

Referências · 10