PT-2021-15591 · Mcafee · Mcafee Epolicy Orchestrator

Published

2021-03-26

Updated

2021-03-30

CVE-2021-23889

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: McAfee ePolicy Orchestrator (ePO) versions prior to 5.10 Update 10

Description: The issue allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. This is a Cross-Site Scripting issue.

Recommendations: For versions prior to 5.10 Update 10, update to version 5.10 Update 10 or later to resolve the issue. As a temporary workaround, consider restricting input validation for administrators to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-23889

Affected Products

Mcafee Epolicy Orchestrator

PT-2021-15591 · Mcafee · Mcafee Epolicy Orchestrator

CVE-2021-23889

Weakness Enumeration

Related Identifiers

Affected Products

References · 5