Back to search
CVE-2015-0921
Published: Jan 9, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
61922
third-party-advisory
x_refsource_SECUNIA
20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure
mailing-list
x_refsource_FULLDISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10095
x_refsource_CONFIRM
20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure
mailing-list
x_refsource_FULLDISC
1031519
vdb-entry
x_refsource_SECTRACK
macafee-cve20150921-info-disc(99950)
vdb-entry
x_refsource_XF
https://gist.github.com/brandonprry/692e553975bf29aeaf2c
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now