Description
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57114
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10065
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531255/100/0/threaded
Exploit x_refsource_misc
https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65771
Scores
EPSS
0.0036
EPSS Percentile
58.1%
Details
CWE
CWE-264
Status
published
Products (8)
mcafee/epolicy_orchestrator
4.6.0
mcafee/epolicy_orchestrator
4.6.1
mcafee/epolicy_orchestrator
4.6.2
mcafee/epolicy_orchestrator
4.6.3
mcafee/epolicy_orchestrator
4.6.4
mcafee/epolicy_orchestrator
4.6.5
mcafee/epolicy_orchestrator
4.6.6
mcafee/epolicy_orchestrator
< 4.6.7
Published
Feb 26, 2014
Tracked Since
Feb 18, 2026