Description
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98559
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10196
Scores
CVSS v3
7.2
EPSS
0.0345
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (4)
McAfee/ePolicy Orchestrator (ePO)
5.1.3 and earlier
McAfee/ePolicy Orchestrator (ePO)
5.3.2 and earlier
McAfee/ePolicy Orchestrator (ePO)
5.9.0 and earlier
mcafee/epolicy_orchestrator
< 5.1.3
Published
May 18, 2017
Tracked Since
Feb 18, 2026