CVE-2018-6670
HIGHMcAfee Common UI < 2.0.3 - Authenticated XML External Entity Injection
Title source: llmDescription
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10236
Scores
CVSS v3
7.6
EPSS
0.0004
EPSS Percentile
12.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (1)
mcafee/common_catalog
< 2.0.3
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026