This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote host is affected by an XML entity injection
The remote Windows host is running a version of McAfee ePolicy
Orchestrator (ePO) prior to 4.6.7 hotfix 940148. It is, therefore,
affected by an XML entity injection vulnerability due to a failure to
properly sanitize user-supplied input. An authenticated, remote
attacker with permission to add new dashboards can exploit this
vulnerability to access arbitrary server side system files.
See also :
Upgrade to McAfee ePO version 4.6.7 hotfix 940148 or later.
Risk factor :
Medium / CVSS Base Score : 6.3
CVSS Temporal Score : 5.5
Public Exploit Available : true