SecurityTracker.com
Category:   Application (Security)  >   McAfee ePolicy Orchestrator
Vendors:   McAfee
McAfee ePolicy Orchestrator XML External Entity Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1029819
SecurityTracker URL:  http://securitytracker.com/id/1029819
CVE Reference:   CVE-2014-2205
Updated:  Feb 26 2014
Original Entry Date:  Feb 25 2014
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.6.7 and prior
Description:   A vulnerability was reported in McAfee ePolicy Orchestrator. A remote authenticated user can obtain files from the target system.

A remote authenticated user with privileges to create new dashboards can supply specially crafted XML data to read files on the target system.

The vendor was notified on November 22, 2013.

The original advisory is available at:

https://www.redteam-pentesting.de/advisories/rt-sa-2014-001

RedTeam Pentesting GmbH reported this vulnerability.

Impact:   A remote authenticated user can obtain files from the target system.
Solution:   The vendor has issued a fix (4.6.7 Hotfix 940148).

The vendor's advisory is available at:

https://kc.mcafee.com/corporate/index?page=content&id=SB10065

Vendor URL:  kc.mcafee.com/corporate/index?page=content&id=SB10065
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC