Arbitrary File Read Vulnerability in McAfee ePolicy Orchestrator (ePO) Import and Export Framework

Arbitrary File Read Vulnerability in McAfee ePolicy Orchestrator (ePO) Import and Export Framework

CVE-2014-2205 · MEDIUM Severity

AV:N/AC:M/AU:S/C:C/I:N/A:N

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.

Learn more about our External Network Penetration Testing.