Arbitrary File Read Vulnerability in McAfee ePolicy Orchestrator (ePO) Import and Export Framework
CVE-2014-2205 · MEDIUM Severity
AV:N/AC:M/AU:S/C:C/I:N/A:N
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
Learn more about our External Network Penetration Testing.