Описание
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Ссылки
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.7:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.8:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.9:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00262
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
EPSS
Процентиль: 49%
0.00262
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-310