Unrated severityNVD Advisory· Published Jan 9, 2015· Updated Jun 17, 2026
CVE-2015-0921
CVE-2015-0921
Description
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*range: <=4.6.8
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*
- (no CPE)range: <4.6.9, <5.1.2
Patches
Vulnerability mechanics
References
8- kc.mcafee.com/corporate/indexnvdPatchVendor Advisory
- packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2015/Jan/37nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2015/Jan/8nvdMailing ListThird Party Advisory
- secunia.com/advisories/61922nvd
- www.securitytracker.com/id/1031519nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/99950nvd
- gist.github.com/brandonprry/692e553975bf29aeaf2cnvd
News mentions
0No linked articles in our index yet.