CVE-2012-4594
McAfee ePolicy Orchestrator <= 4.6.1 - Authenticated Information Disclosure via Console URL ID Manipulation
Title source: llmDescription
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10025
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78132
Scores
EPSS
0.0016
EPSS Percentile
35.9%
Details
CWE
CWE-264
Status
published
Products (11)
mcafee/epolicy_orchestrator
mcafee/epolicy_orchestrator
2.0
mcafee/epolicy_orchestrator
2.5 (2 CPE variants)
mcafee/epolicy_orchestrator
2.5.1
mcafee/epolicy_orchestrator
3.0 (2 CPE variants)
mcafee/epolicy_orchestrator
3.5.0
mcafee/epolicy_orchestrator
3.6.0
mcafee/epolicy_orchestrator
3.6.1
mcafee/epolicy_orchestrator
4.0
mcafee/epolicy_orchestrator
4.5.0
... and 1 more
Published
Aug 22, 2012
Tracked Since
Feb 18, 2026