Описание
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
Ссылки
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.11 (исключая)
cpe:2.3:a:mcafee:mvision_endpoint:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00703
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
EPSS
Процентиль: 72%
0.00703
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918
CWE-918