PT-2018-17699 · Mcafee · Mcafee Epolicy Orchestrator

Published

2018-04-02

Updated

2019-10-09

CVE-2018-6659

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions 5.3.0 through 5.3.2 McAfee ePolicy Orchestrator (ePO) version 5.9.0

Description A Reflected Cross-Site Scripting issue exists due to the lack of sanitization of user input, allowing remote authenticated users to exploit this issue.

Recommendations For McAfee ePolicy Orchestrator (ePO) versions 5.3.0 through 5.3.2, update to a version that sanitizes user input to prevent XSS exploitation. For McAfee ePolicy Orchestrator (ePO) version 5.9.0, update to a version that sanitizes user input to prevent XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-6659

Affected Products

Mcafee Epolicy Orchestrator

PT-2018-17699 · Mcafee · Mcafee Epolicy Orchestrator

CVE-2018-6659

Weakness Enumeration

Related Identifiers

Affected Products

References · 5