CVE-2022-0858

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 4.7

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.

Ссылки

https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Broken Link
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*

Версия до 5.10.0 (исключая)

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00216

Низкий

4.3 Medium

CVSS3

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-crg3-773m-8xr8

CVSS3: 6.1

github

почти 4 года назад

EPSS

Процентиль: 44%

0.00216

Низкий

4.3 Medium

CVSS3

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79