PT-2012-5502 · Mcafee · Mcafee Epolicy Orchestrator

Published

2012-08-22

Updated

2017-08-29

CVE-2012-4594

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions 4.6.1 and earlier

Description The issue allows remote authenticated users to bypass intended access restrictions and obtain sensitive information from arbitrary reporting panels. This is achieved by modifying the ID value in a console URL.

Recommendations For versions 4.6.1 and earlier, update to a version later than 4.6.1 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-4594

Affected Products

Mcafee Epolicy Orchestrator

PT-2012-5502 · Mcafee · Mcafee Epolicy Orchestrator

CVE-2012-4594

Weakness Enumeration

Related Identifiers

Affected Products

References · 4