Directory Traversal Vulnerability in McAfee ePolicy Orchestrator (ePO) Allows Bypassing File Extensions via Windows Alternate Data Streams

CVE-2018-6660 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

Learn more about our Web Application Penetration Testing UK.