Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-14


Vulnerability in McAfee ePolicy Orchestrator
Severity Rating: Medium
System Affected:  
 
  • Version(s): 5.1.3 and prior
Description:
A vulnerability was identified in McAfee ePolicy Orchestrator that could allow a remote user to conduct cross-site scripting attacks.
This vulnerability exists because the ePolicy Orchestrator (ePO) computer management services component does not properly filter HTML code from user-supplied input before displaying the input.
An attacker could exploit this vulnerability by persuading a user to visit a malicious URL that is designed to submit malicious Java scripts to the affected software. On successful exploitation of this vulnerability, an attacker can cause arbitrary scripting code to be executed by the target user's browser. As a result, this could allow the attacker to view sensitive information, including user authentication cookies and access data recently submitted to the affected site or act as the targeted user on the site running the affected software.
Source:
Solution
Users are advised to apply updates.
More information is available on:
McAfee
 
 
Vendor Information
McAfee
 
CVE Information
 
References
Security Tracker
Cisco
 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis