Description
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
References (5)
Core 5
Core References
Patch, Vendor Advisory x_refsource_misc
http://www.osvdb.org/5626
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10200
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14166
Vendor Advisory x_refsource_confirm
http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt
Patch, Vendor Advisory third-party-advisory
x_refsource_iss
http://xforce.iss.net/xforce/alerts/id/173
Scores
EPSS
0.0178
EPSS Percentile
83.0%
Details
Status
published
Products (3)
mcafee/epolicy_orchestrator
2.5 (2 CPE variants)
mcafee/epolicy_orchestrator
2.5.1
mcafee/epolicy_orchestrator
3.0 (2 CPE variants)
Published
Jun 14, 2004
Tracked Since
Feb 18, 2026