McAfee ePO DLPe Extension < 9.3.416.4 Multiple Vulnerabilities (SB10111)

Medium Nessus Plugin ID 82620


The remote host is affected by multiple vulnerabilities.


The remote McAfee ePO server has a version of the McAfee Data Loss Protection Endpoint (DLPe) installed that is affected by multiple vulnerabilities :

- The ePO extension is affected by an unspecified denial of service vulnerability via a database lock or license corruption, which can be exploited by an authenticated, remote attacker. (CVE-2015-2757)

- An information disclosure vulnerability exists in the ePO extension that allows an authenticated, remote attacker to obtain sensitive information or modify the database by using a specially crafted URL.

- Multiple cross-site request forgery vulnerabilities exist in the ePO extension that allow a remote attacker to hijack the authentication of users, resulting in disclosure of sensitive information or modification of the database. (CVE-2015-2759)

- An unspecified cross-site scripting vulnerability exists in the ePO extension, which an authenticated, remote attacker can exploit to inject arbitrary script or HTML.


Upgrade to DLPe 9.3 Patch 4 Hotfix 16 (9.3.416.4) or later.

See Also

Plugin Details

Severity: Medium

ID: 82620

File Name: mcafee_epo_sb10111.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2015/04/07

Modified: 2016/12/19

Dependencies: 67119

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:data_loss_prevention_endpoint

Required KB Items: SMB/mcafee_epo/Path, SMB/mcafee_epo/ver

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/03/26

Vulnerability Publication Date: 2015/03/26

Reference Information

CVE: CVE-2015-2757, CVE-2015-2758, CVE-2015-2759, CVE-2015-2760

BID: 73193, 73397, 73399, 73403

OSVDB: 120049, 120050, 120051, 120052

IAVA: 2015-A-0118