CVE-2012-4594

Published: Aug 22, 2012Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.

Affected (14)

Products: Mcafee: Epolicy Orchestrator

Mcafee

1 product

Epolicy Orchestrator

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Mcafee Epolicy Orchestrator	All versions
Mcafee Epolicy Orchestrator	Up to 4.6.1
Mcafee Epolicy Orchestrator	Version 2.0
Mcafee Epolicy Orchestrator	Version 2.5.1
Mcafee Epolicy Orchestrator	Version 2.5
Mcafee Epolicy Orchestrator	Version 2.5 sp1
Mcafee Epolicy Orchestrator	Version 3.0
Mcafee Epolicy Orchestrator	Version 3.0 sp2a
Mcafee Epolicy Orchestrator	Version 3.5.0
Mcafee Epolicy Orchestrator	Version 3.6.0
Mcafee Epolicy Orchestrator	Version 3.6.1
Mcafee Epolicy Orchestrator	Version 4.0
Mcafee Epolicy Orchestrator	Version 4.5.0
Mcafee Epolicy Orchestrator	Version 4.6.0

Related CWEs

CWE-264

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/78132

Source: cve@mitre.org

https://kc.mcafee.com/corporate/index?page=content&id=SB10025

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/78132

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10025

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.