CVE-2021-23888

Name of the Vulnerable Software and Affected Versions: McAfee ePolicy Orchestrator versions prior to 5.10 Update 10

Description: The issue is related to an unvalidated client-side URL redirect, which could allow an authenticated user to load an untrusted site in an ePO iframe, potentially leading to information theft from the authenticated user.

Recommendations: For versions prior to 5.10 Update 10, update to version 5.10 Update 10 or later to resolve the issue. As a temporary workaround, consider restricting access to iframes within the ePO application to minimize the risk of exploitation.