cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-0861,https://securityvulnerability.io/vulnerability/CVE-2022-0861,ePO XML extended entity vulnerability,A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),3.5,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2022-03-23T14:25:19.000Z,0
CVE-2022-0862,https://securityvulnerability.io/vulnerability/CVE-2022-0862,ePO password change vulnerability,A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),3.1,LOW,0.001550000044517219,false,,false,false,false,,,false,false,,2022-03-23T14:25:12.000Z,0
CVE-2022-0858,https://securityvulnerability.io/vulnerability/CVE-2022-0858,Cross-site scripting vulnerability in ePO,A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),4.3,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-03-23T14:20:19.000Z,0
CVE-2022-0859,https://securityvulnerability.io/vulnerability/CVE-2022-0859,ePO database restoration vulnerability,McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),6.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-03-23T14:20:12.000Z,0
CVE-2022-0857,https://securityvulnerability.io/vulnerability/CVE-2022-0857,ePO Reflected Cross-site scripting vulnerability,A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),5.4,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-03-23T14:15:19.000Z,0
CVE-2022-0842,https://securityvulnerability.io/vulnerability/CVE-2022-0842,ePO blind SQL Injection vulnerability,A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-03-23T14:10:13.000Z,0
CVE-2021-31834,https://securityvulnerability.io/vulnerability/CVE-2021-31834,McAfee ePO Cross-Site Scripting vulnerability,Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-10-22T11:05:18.000Z,0
CVE-2021-31835,https://securityvulnerability.io/vulnerability/CVE-2021-31835,McAfee ePO Cross-Site Scripting vulnerability,Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-10-22T11:05:11.000Z,0
CVE-2021-23890,https://securityvulnerability.io/vulnerability/CVE-2021-23890,McAfee ePO Information Leak vulnerability,Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-03-26T09:35:15.000Z,0
CVE-2021-23888,https://securityvulnerability.io/vulnerability/CVE-2021-23888,McAfee ePO unvalidated URL redirect vulnerability,Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),6.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-03-26T09:30:21.000Z,0
CVE-2021-23889,https://securityvulnerability.io/vulnerability/CVE-2021-23889,McAfee ePO Cross-site Scripting vulnerability,Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.,"Mcafee,llc",Mcafee Epolicy Orchestrator (epo),3.5,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2021-03-26T09:30:15.000Z,0
CVE-2019-3619,https://securityvulnerability.io/vulnerability/CVE-2019-3619,,Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.,"Mcafee, Llc",Mcafee Epolicy Orchestrator (epo),6.8,MEDIUM,0.0018599999602884054,false,,false,false,false,,,false,false,,2019-07-03T13:40:04.000Z,0
CVE-2018-6671,https://securityvulnerability.io/vulnerability/CVE-2018-6671,SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability,Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.,Mcafee,Epolicy Orchestrator (epo),4.7,MEDIUM,0.01964000053703785,false,,false,false,false,,,false,false,,2018-06-15T14:00:00.000Z,0
CVE-2018-6672,https://securityvulnerability.io/vulnerability/CVE-2018-6672,SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity,Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.,Mcafee,Epolicy Orchestrator (epo),5.7,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2018-06-15T14:00:00.000Z,0
CVE-2017-3936,https://securityvulnerability.io/vulnerability/CVE-2017-3936,McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability,"OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.",Mcafee,Epolicy Orchestrator (epo),6.2,MEDIUM,0.003710000077262521,false,,false,false,false,,,false,false,,2018-06-13T21:00:00.000Z,0
CVE-2018-6659,https://securityvulnerability.io/vulnerability/CVE-2018-6659,SB10228 ePO Reflected Cross-Site Scripting vulnerability,"Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.",Mcafee,Epolicy Orchestrator (epo),3.7,LOW,0.0008800000068731606,false,,false,false,false,,,false,false,,2018-03-09T00:00:00.000Z,0
CVE-2018-6660,https://securityvulnerability.io/vulnerability/CVE-2018-6660,SB10228 ePO Directory Traversal vulnerability,"Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.",Mcafee,Epolicy Orchestrator (epo),6.2,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2018-03-09T00:00:00.000Z,0
CVE-2017-3980,https://securityvulnerability.io/vulnerability/CVE-2017-3980,,"A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.",Mcafee,Epolicy Orchestrator (epo),7.2,HIGH,0.001829999964684248,false,,false,false,false,,,false,false,,2017-05-18T19:00:00.000Z,0
CVE-2016-8027,https://securityvulnerability.io/vulnerability/CVE-2016-8027,,"SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.",Mcafee,Mcafee Epolicy Orchestrator (epo) 5.3.2 And Earlier And 5.1.3 And Earlier,10,CRITICAL,0.25499001145362854,false,,false,false,false,,,false,false,,2017-03-14T22:00:00.000Z,0