Computer Security
[EN] securityvulns.ru no-pyccku


McAfee ePolicy Orchestrator security vulnerability
updated since 15.07.2013
Published:16.07.2013
Source:
SecurityVulns ID:13167
Type:remote
Threat Level:
7/10
Description:Few vulnerabilities are used in-the-wild to compromise corporate networks.
Affected:MCAFEE : ePolicy Orchestrator 4.5
 MCAFEE : ePolicy Orchestrator 4.6
CVE:CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.)
 CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.)
Original documentdocumentMCAFEE, Re: Multiple vulnerabilities in McAfee ePO 4.6.6 (16.07.2013)
 documentNCIRC INFOSEC EVAL, Multiple vulnerabilities in McAfee ePO 4.6.6 (15.07.2013)
 documentCERT, TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO) (15.07.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod