CVE-2014-2205

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions prior to 4.6.7 Hotfix 940148

Description The issue allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. This means that an attacker could potentially access sensitive information by exploiting this weakness.

Recommendations For versions prior to 4.6.7 Hotfix 940148, update to version 4.6.7 Hotfix 940148 or later to resolve the issue. As a temporary workaround, consider restricting access to the Import and Export Framework to minimize the risk of exploitation.