Web application abuses : McAfee ePolicy Orchestrator Multiple Vulnerabilities (Jan 2015)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805238

Categoría: Web application abuses

Título: McAfee ePolicy Orchestrator Multiple Vulnerabilities (Jan 2015)

Resumen: McAfee ePolicy Orchestrator is prone to multiple vulnerabilities.

Descripción: Summary:
McAfee ePolicy Orchestrator is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist as,

- an incorrectly configured XML parser accepting XML external entities from an
untrusted source.

- application uses the same secret key across different customers installation.

Vulnerability Impact:
Successful exploitation will allow attackers
to obtain the administrator password and gain access to arbitrary files.

Affected Software/OS:
McAfee ePolicy Orchestrator version before
4.6.9 and 5.x before 5.1.2

Solution:
Upgrade to McAfee ePolicy Orchestrator
version 4.6.9 or 5.1.2 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0922
BugTraq ID: 72298
http://www.securityfocus.com/bid/72298
http://seclists.org/fulldisclosure/2015/Jan/8
http://seclists.org/fulldisclosure/2015/Jan/37
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
https://gist.github.com/brandonprry/692e553975bf29aeaf2c
http://www.securitytracker.com/id/1031519
XForce ISS Database: macafee-cve20150922-info-disc(99949)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99949
Common Vulnerability Exposure (CVE) ID: CVE-2015-0921
http://secunia.com/advisories/61922
XForce ISS Database: macafee-cve20150921-info-disc(99950)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99950

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805238
Categoría:	Web application abuses
Título:	McAfee ePolicy Orchestrator Multiple Vulnerabilities (Jan 2015)
Resumen:	McAfee ePolicy Orchestrator is prone to multiple vulnerabilities.
Descripción:	Summary: McAfee ePolicy Orchestrator is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist as, - an incorrectly configured XML parser accepting XML external entities from an untrusted source. - application uses the same secret key across different customers installation. Vulnerability Impact: Successful exploitation will allow attackers to obtain the administrator password and gain access to arbitrary files. Affected Software/OS: McAfee ePolicy Orchestrator version before 4.6.9 and 5.x before 5.1.2 Solution: Upgrade to McAfee ePolicy Orchestrator version 4.6.9 or 5.1.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0922 BugTraq ID: 72298 http://www.securityfocus.com/bid/72298 http://seclists.org/fulldisclosure/2015/Jan/8 http://seclists.org/fulldisclosure/2015/Jan/37 http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html https://gist.github.com/brandonprry/692e553975bf29aeaf2c http://www.securitytracker.com/id/1031519 XForce ISS Database: macafee-cve20150922-info-disc(99949) https://exchange.xforce.ibmcloud.com/vulnerabilities/99949 Common Vulnerability Exposure (CVE) ID: CVE-2015-0921 http://secunia.com/advisories/61922 XForce ISS Database: macafee-cve20150921-info-disc(99950) https://exchange.xforce.ibmcloud.com/vulnerabilities/99950
Copyright	Copyright (C) 2015 Greenbone AG