CVE-2014-2205

Sažetak

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.

Reference

http://secunia.com/advisories/57114
http://www.securityfocus.com/archive/1/531255/100/0/threaded
http://www.securityfocus.com/bid/65771
https://kc.mcafee.com/corporate/index?page=content&id=SB10065
https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt

CVSS

Base:	6.3
Impact:	6.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:N/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:43

Objavljeno

26-02-2014 - 15:55