CVE-2018-6660

SB10228 ePO Directory Traversal vulnerability

CVSS 6.2 MEDIUMEPSS 1.7%

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H

Affected products

McAfee · ePolicy Orchestrator (ePO)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10228 http://www.securityfocus.com/bid/103392 http://www.securitytracker.com/id/1040884