New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 8.4
SynopsisA security management application running on the remote host is affected by multiple vulnerabilities
DescriptionThe instance of McAfee ePolicy Orchestrator installed on the remote host is affected by multiple vulnerabilities including the following:
- Multiple denial of service (DoS) vulnerabilities exist in McAfee ePolicy Orchestrator's bundled component Apache Tomcat due to insufficient validation of user input. An unauthenticated, remote attacker can exploit these issues, by sending specially crafted requests to an affected host, to impose DoS conditions (CVE-2020-9484, CVE-2020-13935).
- An authentication bypass vulnerability exists in McAfee ePolicy Orchestrator. An unauthenticated, remote attacker can exploit this, to bypass authentication and access / update sensitive data (CVE-2020-14621).
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
SolutionUpgrade to McAfee ePO version 5.10.0 Update 9