VYPR
Vendor

McAfee Enterprise

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2022-0859MedMar 23, 2022
    risk 0.42cvss 6.5epss 0.00

    McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server…

  • CVE-2022-0857MedMar 23, 2022
    risk 0.35cvss 5.4epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.…

  • CVE-2022-0842MedMar 23, 2022
    risk 0.35cvss 5.4epss 0.01

    A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to…

  • CVE-2022-0858MedMar 23, 2022
    risk 0.28cvss 4.3epss 0.01

    A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would…

  • CVE-2022-0861LowMar 23, 2022
    risk 0.23cvss 3.5epss 0.00

    A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential…

  • CVE-2022-0862LowMar 23, 2022
    risk 0.20cvss 3.1epss 0.01

    A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This…