Web application abuses : McAfee ePolicy Orchestrator < 4.6.7 Hotfix 940148 XXE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103925

Categoría: Web application abuses

Título: McAfee ePolicy Orchestrator < 4.6.7 Hotfix 940148 XXE Vulnerability

Resumen: McAfee ePolicy Orchestrator is prone to an XML external entity; (XXE) vulnerability.

Descripción: Summary:
McAfee ePolicy Orchestrator is prone to an XML external entity
(XXE) vulnerability.

Vulnerability Insight:
The Import and Export Framework in McAfee ePolicy Orchestrator
(ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add
dashboards to read arbitrary files by importing a crafted XML file, related to an XML External
Entity (XXE) issue.

Vulnerability Impact:
An attacker can exploit this issue to gain access to sensitive
information from the application. This may lead to further attacks.

Affected Software/OS:
McAfee ePolicy Orchestrator versions 4.6.7 and prior are
vulnerable.

Solution:
Updates are available.

CVSS Score:
6.3

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-2205
BugTraq ID: 65771
http://www.securityfocus.com/bid/65771
Bugtraq: 20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard (Google Search)
http://www.securityfocus.com/archive/1/531255/100/0/threaded
https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt
http://secunia.com/advisories/57114

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103925
Categoría:	Web application abuses
Título:	McAfee ePolicy Orchestrator < 4.6.7 Hotfix 940148 XXE Vulnerability
Resumen:	McAfee ePolicy Orchestrator is prone to an XML external entity; (XXE) vulnerability.
Descripción:	Summary: McAfee ePolicy Orchestrator is prone to an XML external entity (XXE) vulnerability. Vulnerability Insight: The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. Vulnerability Impact: An attacker can exploit this issue to gain access to sensitive information from the application. This may lead to further attacks. Affected Software/OS: McAfee ePolicy Orchestrator versions 4.6.7 and prior are vulnerable. Solution: Updates are available. CVSS Score: 6.3 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2205 BugTraq ID: 65771 http://www.securityfocus.com/bid/65771 Bugtraq: 20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard (Google Search) http://www.securityfocus.com/archive/1/531255/100/0/threaded https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt http://secunia.com/advisories/57114
Copyright	Copyright (C) 2014 Greenbone AG