A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Epolicy_orchestrator | Mcafee | * | 5.10.0 (excluding) |
| Epolicy_orchestrator | Mcafee | 5.10.0 (including) | 5.10.0 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_1 (including) | 5.10.0-update_1 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_10 (including) | 5.10.0-update_10 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_11 (including) | 5.10.0-update_11 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_12 (including) | 5.10.0-update_12 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_2 (including) | 5.10.0-update_2 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_3 (including) | 5.10.0-update_3 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_4 (including) | 5.10.0-update_4 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_5 (including) | 5.10.0-update_5 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_6 (including) | 5.10.0-update_6 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_7 (including) | 5.10.0-update_7 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_8 (including) | 5.10.0-update_8 (including) |
| Epolicy_orchestrator | Mcafee | 5.10.0-update_9 (including) | 5.10.0-update_9 (including) |