Vulnerability in Mcafee Epolicy_orchestrator

CVE-2014-2205

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML…

EPSS: 0.004 (58.3th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 4.6.0, 4.6.1, 4.6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

57114 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
65771 (vdb-entry, x_refsource_BID)