 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.103925 |
| Category: | Web application abuses |
| Title: | McAfee ePolicy Orchestrator < 4.6.7 Hotfix 940148 XXE Vulnerability |
| Summary: | McAfee ePolicy Orchestrator is prone to an XML external entity; (XXE) vulnerability. |
| Description: | Summary: McAfee ePolicy Orchestrator is prone to an XML external entity (XXE) vulnerability. Vulnerability Insight: The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. Vulnerability Impact: An attacker can exploit this issue to gain access to sensitive information from the application. This may lead to further attacks. Affected Software/OS: McAfee ePolicy Orchestrator versions 4.6.7 and prior are vulnerable. Solution: Updates are available. CVSS Score: 6.3 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-2205 BugTraq ID: 65771 http://www.securityfocus.com/bid/65771 Bugtraq: 20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard (Google Search) http://www.securityfocus.com/archive/1/531255/100/0/threaded https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt http://secunia.com/advisories/57114 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |