NVD

Id
23343  
Name
CVE-2015-0921  
Description
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2015-01-09  
Modified Date
2017-01-02  
Seq
2015-0921  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
123874 23343 CVE-2015-0921 http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html  View
123875 23343 CVE-2015-0921 20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure  View
123876 23343 CVE-2015-0921 20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure  View
123877 23343 CVE-2015-0921 61922  View
123878 23343 CVE-2015-0921 1031519  View
123879 23343 CVE-2015-0921 macafee-cve20150921-info-disc(99950)  View
123880 23343 CVE-2015-0921 https://gist.github.com/brandonprry/692e553975bf29aeaf2c  View
123881 23343 CVE-2015-0921 https://kc.mcafee.com/corporate/index?page=content&id=SB10095  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
5699 JVNDB-2015-001019 McAfee ePolicy Orchestrator の Server Task Log における XML 外部エンティティの脆弱性 McAfee ePolicy Orchestrator (ePO) の Server Task Log には、XML 外部エンティティ (XXE) の脆弱性が存在します。 CVE-2015-0921 78132 CVE-2015-0921 23343 4 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001019.html 2015-01-06 2015-01-15 View