Vulnerability in McAfee ePolicy Orchestrator
Severity Rating: Medium
- Version(s): 5.1.3 and prior
A vulnerability was identified in McAfee ePolicy Orchestrator that could allow a remote user to conduct cross-site scripting attacks.
This vulnerability exists because the ePolicy Orchestrator (ePO) computer management services component does not properly filter HTML code from user-supplied input before displaying the input.
An attacker could exploit this vulnerability by persuading a user to visit a malicious URL that is designed to submit malicious Java scripts to the affected software. On successful exploitation of this vulnerability, an attacker can cause arbitrary scripting code to be executed by the target user's browser. As a result, this could allow the attacker to view sensitive information, including user authentication cookies and access data recently submitted to the affected site or act as the targeted user on the site running the affected software.
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street