CVE-2018-6660
6.2
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H
Summary
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee | ePolicy Orchestrator (ePO) | 5.3.2 | affected |
| McAfee | ePolicy Orchestrator (ePO) | 5.3.1 | affected |
| McAfee | ePolicy Orchestrator (ePO) | 5.3.0 | affected |
| McAfee | ePolicy Orchestrator (ePO) | 5.9.0 | affected |
Weaknesses
- Directory Traversal vulnerability
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103392
- http://www.securitytracker.com/id/1040884
- https://kc.mcafee.com/corporate/index?page=content&id=SB10228
References
- http://www.securityfocus.com/bid/103392
- http://www.securitytracker.com/id/1040884
- https://kc.mcafee.com/corporate/index?page=content&id=SB10228
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.