CVE-2022-0861

Summary

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.

Affected Software

VendorProductVersion RangeStatus
McAfee,LLCMcAfee ePolicy Orchestrator (ePO)unspecified < 5.10 CU 13affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

References