XML Extended Entity (XXE) Vulnerability in McAfee ePO Prior to 5.10 Update 13

XML Extended Entity (XXE) Vulnerability in McAfee ePO Prior to 5.10 Update 13

CVE-2022-0861 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.

Learn more about our Web Application Penetration Testing UK.