Unrated severityNVD Advisory· Published Jan 9, 2015· Updated May 6, 2026

CVE-2015-0921

Description

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.

Affected products

McAfee/Epolicy Orchestrator5 versions
cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*range: <=4.6.8
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kc.mcafee.com/corporate/indexnvdPatchVendor Advisory
packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2015/Jan/37nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2015/Jan/8nvdMailing ListThird Party Advisory
secunia.com/advisories/61922nvd
www.securitytracker.com/id/1031519nvd
exchange.xforce.ibmcloud.com/vulnerabilities/99950nvd
gist.github.com/brandonprry/692e553975bf29aeaf2cnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.047
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000