XML External Entity (XXE) Vulnerability in McAfee ePolicy Orchestrator (ePO) Server Task Log

XML External Entity (XXE) Vulnerability in McAfee ePolicy Orchestrator (ePO) Server Task Log

CVE-2015-0921 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.

Learn more about our Cis Benchmark Audit For Server Software.