Product:

Epolicy_orchestrator

(Mcafee)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 86
Date Id Summary Products Score Patch Annotated
2021-06-10 CVE-2020-13938 Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows Http_server, Epolicy_orchestrator, Cloud_backup 5.5
2021-07-12 CVE-2021-30639 A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating... Tomcat, Epolicy_orchestrator, Big_data_spatial_and_graph 7.5
2021-07-12 CVE-2021-33037 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the... Tomcat, Tomee, Debian_linux, Epolicy_orchestrator, Agile_plm, Communications_cloud_native_core_policy, Communications_cloud_native_core_service_communication_proxy, Communications_diameter_signaling_router, Communications_instant_messaging_server, Communications_policy_management, Communications_pricing_design_center, Communications_session_report_manager, Communications_session_route_manager, Graph_server_and_client, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Sd\-Wan_edge, Secure_global_desktop, Utilities_testing_accelerator 5.3
2022-03-23 CVE-2022-0862 A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user. Epolicy_orchestrator 5.3
2023-07-26 CVE-2023-3946 A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. Epolicy_orchestrator 6.1
2020-01-15 CVE-2020-2604 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java... Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Commerce_experience_manager, Commerce_guided_search, Graalvm, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1
2022-10-18 CVE-2022-3338 An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API. Epolicy_orchestrator 5.4
2022-10-18 CVE-2022-3339 A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. Epolicy_orchestrator 6.1
2019-04-23 CVE-2019-2602 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of... Ubuntu_linux, Debian_linux, Xp7_command_view, Epolicy_orchestrator, Leap, Jdk, Jre, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Satellite 7.5
2019-07-23 CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java... Ubuntu_linux, Debian_linux, Xp7_command_view, Epolicy_orchestrator, Leap, Jdk, Jre 5.1