CVE-2022-3338

MEDIUM

ePO <5.10 Update 14 - SSRF

Description

An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server-Side Request Forgery (SSRF) attack. This can be exploited by mimicking the Agent Handler call to ePO and passing a carefully constructed XML file through the API.

Scores

CVSS v3: 5.4
EPSS: 0.0035
EPSS Percentile: 57.2%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Classification

CWE: CWE-611
Status: published

Affected Products (15)

mcafee/epolicy_orchestrator < 5.10.0
mcafee/epolicy_orchestrator

Timeline

Published: Oct 18, 2022
Tracked Since: Feb 18, 2026