CVE Vulnerabilities

CVE-2014-2205

Published: Feb 26, 2014 | Modified: Oct 09, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.3 MEDIUM
AV:N/AC:M/Au:S/C:C/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.

Affected Software

Name Vendor Start Version End Version
Epolicy_orchestrator Mcafee * 4.6.7 (including)
Epolicy_orchestrator Mcafee 4.6.0 (including) 4.6.0 (including)
Epolicy_orchestrator Mcafee 4.6.1 (including) 4.6.1 (including)
Epolicy_orchestrator Mcafee 4.6.2 (including) 4.6.2 (including)
Epolicy_orchestrator Mcafee 4.6.3 (including) 4.6.3 (including)
Epolicy_orchestrator Mcafee 4.6.4 (including) 4.6.4 (including)
Epolicy_orchestrator Mcafee 4.6.5 (including) 4.6.5 (including)
Epolicy_orchestrator Mcafee 4.6.6 (including) 4.6.6 (including)

References