VYPR
Medium severity6.2NVD Advisory· Published Apr 2, 2018· Updated Jun 17, 2026

CVE-2018-6660

CVE-2018-6660

Description

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

Affected products

2
  • McAfee/Epolicy Orchestratorllm-fuzzy2 versions
    5.3.0, 5.3.1, 5.3.2, 5.9.0+ 1 more
    • (no CPE)range: 5.3.0, 5.3.1, 5.3.2, 5.9.0
    • (no CPE)range: 5.3.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.