What is CVE-2015-0921?

CVE-2015-0921 is a vulnerability in Mcafee Epolicy_orchestrator. Published 2015-01-09.

Is CVE-2015-0921 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mcafee Epolicy_orchestrator

CVE-2015-0921

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTa…

EPSS: 0.582 (98.2th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 5.0.0, 5.0.1, 5.1.0
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

61922 (x_refsource_SECUNIA, third-party-advisory)
20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
1031519 (vdb-entry, x_refsource_SECTRACK)
macafee-cve20150921-info-disc(99950) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-0921?: CVE-2015-0921 is a vulnerability in Mcafee Epolicy_orchestrator. Published 2015-01-09.
Is CVE-2015-0921 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.