CVE-2021-23888
MEDIUM
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Open Redirect via Unvalidated Client-Side URL
Title source: llm
Description
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10352
Scores
CVSS v3
6.3
EPSS
0.0050
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
mcafee/epolicy_orchestrator
5.10.0 (10 CPE variants)
mcafee/epolicy_orchestrator
< 5.10.0
Published
Mar 26, 2021
Tracked Since
Feb 18, 2026