CVE-2018-6671

Summary

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Affected Software

VendorProductVersion RangeStatus
McAfeeePolicy Orchestrator (ePO)5.3.0 through 5.3.3 < 5.3.3 with hotfix EPO5xHF1229850affected
McAfeeePolicy Orchestrator (ePO)5.9.0 through 5.9.1 < 5.9.1 with hotfix EPO5xHF1229850affected

Weaknesses

  • Application Protection Bypass vulnerability

ADP Enrichment

CVE Program Container

Additional References

References