CVE-2018-6671

Published: Jun 15, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Affected (2)

Products: Mcafee: Epolicy Orchestrator

1 product

Epolicy Orchestrator

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mcafee Epolicy Orchestrator	From 5.3.0 to 5.3.3
Mcafee Epolicy Orchestrator	From 5.9.0 to 5.9.1

References (8)

http://www.securityfocus.com/bid/104485

Source: trellixpsirt@trellix.com

http://www.securitytracker.com/id/1041155

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10240

Source: trellixpsirt@trellix.com

https://www.exploit-db.com/exploits/46518/

Source: trellixpsirt@trellix.com

http://www.securityfocus.com/bid/104485

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1041155

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10240

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/46518/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.