CVE-2021-31835

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions prior to 5.10 Update 11

Description The issue allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. This is a Cross-Site Scripting issue.

Recommendations For versions prior to 5.10 Update 11, update to version 5.10 Update 11 or later to resolve the issue. As a temporary workaround, consider restricting the ability of ePO administrators to inject arbitrary web script or HTML via the specific vulnerable parameter until a patch is applied.