Vulnerability in Mcafee Epolicy_orchestrator

CVE-2012-4594

McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.

EPSS: 0.002 (36.2th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 2.0, 2.5, 2.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
mcafee-epolicy-idvalue-info-disc(78132) (vdb-entry, x_refsource_XF)