CVE-2022-0857

Name of the Vulnerable Software and Affected Versions McAfee Enterprise ePolicy Orchestrator versions prior to 5.10 Update 13

Description A reflected cross-site scripting issue allows a remote attacker to potentially obtain access to an administrator's session by convincing them to click on a carefully crafted link. This leads to limited access to sensitive information and a limited ability to alter some information due to the area of the User Interface where the issue is present.

Recommendations For versions prior to 5.10 Update 13, update to version 5.10 Update 13 or later to resolve the issue. As a temporary workaround, consider restricting access to the User Interface area where the vulnerability is present to minimize the risk of exploitation. Avoid clicking on suspicious links, especially those that could be crafted to exploit this issue.