PT-2018-17699 · Mcafee · Mcafee Epolicy Orchestrator

Publicado

2018-04-02

Atualizado

2019-10-09

CVE-2018-6659

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions 5.3.0 through 5.3.2 McAfee ePolicy Orchestrator (ePO) version 5.9.0

Description A Reflected Cross-Site Scripting issue exists due to the lack of sanitization of user input, allowing remote authenticated users to exploit this issue.

Recommendations For McAfee ePolicy Orchestrator (ePO) versions 5.3.0 through 5.3.2, update to a version that sanitizes user input to prevent XSS exploitation. For McAfee ePolicy Orchestrator (ePO) version 5.9.0, update to a version that sanitizes user input to prevent XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-6659

Produtos afetados

Mcafee Epolicy Orchestrator

PT-2018-17699 · Mcafee · Mcafee Epolicy Orchestrator

CVE-2018-6659

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5