CVE-2023-5445
MEDIUMMcAfee ePolicy Orchestrator < 5.10.0 - Authenticated Open Redirect via Dashboard URL Parameter
Title source: llmDescription
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
References (1)
Core 1
Core References
Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10410
Scores
CVSS v3
5.4
EPSS
0.0018
EPSS Percentile
38.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
mcafee/epolicy_orchestrator
5.10.0 service_pack_1_update (19 CPE variants)
mcafee/epolicy_orchestrator
< 5.10.0
Published
Nov 17, 2023
Tracked Since
Feb 18, 2026