McAfee ePolicy Orchestrator < 4.6.7 Multiple XSS

medium Nessus Plugin ID 68933

Synopsis

A security management application on the remote host has multiple cross-site scripting vulnerabilities.

Description

According to its self-reported version, the McAfee ePolicy Orchestrator (ePO) install running on the remote host is 4.6.6 or earlier and is therefore affected by multiple reflected cross-site scripting vulnerabilities. An attacker could exploit any of these issues by tricking a user into requesting a specially crafted URL, resulting in arbitrary script code execution.

Solution

There is no solution available at this time.

McAfee plans on fixing these vulnerabilities in ePO version 4.6.7, which is scheduled to be released in late Q3 2013.

See Also

https://seclists.org/bugtraq/2013/Jul/80

https://kc.mcafee.com/corporate/index?page=content&id=KB78824

Plugin Details

Severity: Medium

ID: 68933

File Name: mcafee_epo_kb78824.nasl

Version: 1.10

Type: remote

Published: 7/17/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mcafee:epolicy_orchestrator

Required KB Items: www/epo_app_server

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/12/2013

Reference Information

CVE: CVE-2013-4883

BID: 61422

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990