CVE-2015-0921
23Vexday Risk Score
Corrige pronto. Ella tiene exploit funcional público.
ssvc Attendepss 17%
de la publicación al arma0 días
Publicada en NVD9 ene
metasploit6 ene
probabilidad de explotación
17%top 3% de las CVE
explotación observada
noninguna fuente lo reporta
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
Productos afectados
n/a · n/aReferencias
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.htmlhttp://seclists.org/fulldisclosure/2015/Jan/37http://seclists.org/fulldisclosure/2015/Jan/8http://secunia.com/advisories/61922https://exchange.xforce.ibmcloud.com/vulnerabilities/99950https://gist.github.com/brandonprry/692e553975bf29aeaf2chttps://kc.mcafee.com/corporate/index?page=content&id=SB10095http://www.securitytracker.com/id/1031519