CVE-2018-6660

Summary

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

Affected Software

VendorProductVersion RangeStatus
McAfeeePolicy Orchestrator (ePO)5.3.2affected
McAfeeePolicy Orchestrator (ePO)5.3.1affected
McAfeeePolicy Orchestrator (ePO)5.3.0affected
McAfeeePolicy Orchestrator (ePO)5.9.0affected

Weaknesses

  • Directory Traversal vulnerability

ADP Enrichment

CVE Program Container

Additional References

References