McAfee ePolicy Orchestrator < 4.6.7 HF940148 XML Entity Injection (SB10065)
Medium Nessus Plugin ID 72729
SynopsisThe remote host is affected by an XML entity injection vulnerability.
DescriptionThe remote Windows host is running a version of McAfee ePolicy Orchestrator (ePO) prior to 4.6.7 hotfix 940148. It is, therefore, affected by an XML entity injection vulnerability due to a failure to properly sanitize user-supplied input. An authenticated, remote attacker with permission to add new dashboards can exploit this vulnerability to access arbitrary server side system files.
SolutionUpgrade to McAfee ePO version 4.6.7 hotfix 940148 or later.