Overview
- Description
- Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
- Source
- trellixpsirt@trellix.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F3977FF-A202-4679-B848-ED1B3A1C98A4"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D0E33E0-5B8F-4448-A5F3-5AE901AC8774"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9220E40-8664-4DB3-AF96-802F8CDEC58A"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5"
}
],
"operator": "OR"
}
]
}
]