CVE-2014-2205
Published Feb 26, 2014
Last updated 6 years ago
Overview
- Description
- The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.3
- Impact score
- 6.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E239F042-2FA0-422F-8B7D-330C5D3A78B6",
"versionEndIncluding": "4.6.7"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D84606C7-E033-4864-A527-C75F4B7A307E"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F4A1B55-452B-4D1F-908E-795197974F4E"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5A2CABB-0BCB-4266-BA58-9FC81E89555C"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0080A5E-19E2-4BAA-BA80-1904A774CF8B"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3171A1A7-E1B6-4957-BABE-DC0997ACB27B"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9284BEB-25CF-4888-AFDD-0073080361BE"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30C57CEF-BEAC-4BC8-9CBE-17B797EC52F5"
}
],
"operator": "OR"
}
]
}
]