CVE-2022-0861

Name of the Vulnerable Software and Affected Versions McAfee Enterprise ePolicy Orchestrator versions prior to 5.10 Update 13

Description A XML Extended entity issue allows a remote administrator attacker to upload a malicious XML file through the extension import functionality, resulting in limited access to confidential information and some ability to alter data.

Recommendations For versions prior to 5.10 Update 13, update to version 5.10 Update 13 or later to resolve the issue. As a temporary workaround, consider restricting access to the extension import functionality to minimize the risk of exploitation.