Description
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10207
Scores
CVSS v3
5.4
EPSS
0.0046
EPSS Percentile
64.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Details
CWE
CWE-94
Status
published
Products (1)
mcafee/mcafee_threat_intelligence_exchange
2.1.0
Published
Jun 13, 2018
Tracked Since
Feb 18, 2026