PT-2018-7283 · Mcafee · Epolicy Orchestrator+1

Publicado

2018-06-13

Atualizado

2019-10-09

CVE-2017-3907

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: McAfee Threat Intelligence Exchange (TIE) Server versions 2.1.0 and earlier

Description: A Code Injection issue in the ePolicy Orchestrator (ePO) extension allows remote attackers to execute arbitrary HTML code, which is then reflected in the response web page. The exact vector used for this attack is not specified.

Recommendations: For McAfee Threat Intelligence Exchange (TIE) Server versions 2.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2017-3907

Produtos afetados

Mcafee Threat Intelligence Exchange Server

Epolicy Orchestrator

PT-2018-7283 · Mcafee · Epolicy Orchestrator+1

CVE-2017-3907

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3