CVE-2015-0921
23Vexday Risk Score
Corrija em breve. Ela tem exploit funcional público.
ssvc Attendepss 17%
da publicação à arma0 dias
Publicada no NVD9 de jan.
metasploit6 de jan.
probabilidade de exploração
17%top 3% das CVEs
exploração observada
nãonenhuma fonte reporta
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
Produtos afetados
n/a · n/aReferências
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.htmlhttp://seclists.org/fulldisclosure/2015/Jan/37http://seclists.org/fulldisclosure/2015/Jan/8http://secunia.com/advisories/61922https://exchange.xforce.ibmcloud.com/vulnerabilities/99950https://gist.github.com/brandonprry/692e553975bf29aeaf2chttps://kc.mcafee.com/corporate/index?page=content&id=SB10095http://www.securitytracker.com/id/1031519