Vulnerabilites related to mcafee - epolicy_orchestrator_agent
CVE-2006-3623 (GCVE-0-2006-3623)
Vulnerability from cvelistv5
Published
2006-07-14 23:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060713.html"
},
{
"name": "epolicy-epo-directory-traversal(27738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738"
},
{
"name": "21037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21037"
},
{
"name": "ADV-2006-2796",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2796"
},
{
"name": "27158",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27158"
},
{
"name": "18979",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18979"
},
{
"name": "20060714 EEYE: McAfee ePolicy Orchestrator Remote Compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440077/100/0/threaded"
},
{
"name": "1016501",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060713.html"
},
{
"name": "epolicy-epo-directory-traversal(27738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738"
},
{
"name": "21037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21037"
},
{
"name": "ADV-2006-2796",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2796"
},
{
"name": "27158",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27158"
},
{
"name": "18979",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18979"
},
{
"name": "20060714 EEYE: McAfee ePolicy Orchestrator Remote Compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440077/100/0/threaded"
},
{
"name": "1016501",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eeye.com/html/research/advisories/AD20060713.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20060713.html"
},
{
"name": "epolicy-epo-directory-traversal(27738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738"
},
{
"name": "21037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21037"
},
{
"name": "ADV-2006-2796",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2796"
},
{
"name": "27158",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27158"
},
{
"name": "18979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18979"
},
{
"name": "20060714 EEYE: McAfee ePolicy Orchestrator Remote Compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440077/100/0/threaded"
},
{
"name": "1016501",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3623",
"datePublished": "2006-07-14T23:00:00",
"dateReserved": "2006-07-14T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4882 (GCVE-0-2013-4882)
Vulnerability from cvelistv5
Published
2013-07-21 20:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10043"
},
{
"name": "20130712 Multiple vulnerabilities in McAfee ePO 4.6.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"name": "1028803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10043"
},
{
"name": "20130712 Multiple vulnerabilities in McAfee ePO 4.6.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"name": "1028803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10043",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10043"
},
{
"name": "20130712 Multiple vulnerabilities in McAfee ePO 4.6.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"name": "1028803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4882",
"datePublished": "2013-07-21T20:00:00",
"dateReserved": "2013-07-21T00:00:00",
"dateUpdated": "2024-08-06T16:59:40.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4883 (GCVE-0-2013-4883)
Vulnerability from cvelistv5
Published
2013-07-21 20:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95190",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95190"
},
{
"name": "95188",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95188"
},
{
"name": "95187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95187"
},
{
"name": "95191",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95191"
},
{
"name": "95189",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95189"
},
{
"name": "20130712 Multiple vulnerabilities in McAfee ePO 4.6.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"name": "1028803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028803"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB78824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95190",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95190"
},
{
"name": "95188",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95188"
},
{
"name": "95187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95187"
},
{
"name": "95191",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95191"
},
{
"name": "95189",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95189"
},
{
"name": "20130712 Multiple vulnerabilities in McAfee ePO 4.6.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"name": "1028803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028803"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB78824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95190",
"refsource": "OSVDB",
"url": "http://osvdb.org/95190"
},
{
"name": "95188",
"refsource": "OSVDB",
"url": "http://osvdb.org/95188"
},
{
"name": "95187",
"refsource": "OSVDB",
"url": "http://osvdb.org/95187"
},
{
"name": "95191",
"refsource": "OSVDB",
"url": "http://osvdb.org/95191"
},
{
"name": "95189",
"refsource": "OSVDB",
"url": "http://osvdb.org/95189"
},
{
"name": "20130712 Multiple vulnerabilities in McAfee ePO 4.6.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"name": "1028803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028803"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB78824",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB78824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4883",
"datePublished": "2013-07-21T20:00:00",
"dateReserved": "2013-07-21T00:00:00",
"dateUpdated": "2024-08-06T16:59:40.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-07-22 11:21
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | epolicy_orchestrator | * | |
| mcafee | epolicy_orchestrator | 4.6.0 | |
| mcafee | epolicy_orchestrator | 4.6.1 | |
| mcafee | epolicy_orchestrator | 4.6.2 | |
| mcafee | epolicy_orchestrator | 4.6.3 | |
| mcafee | epolicy_orchestrator | 4.6.4 | |
| mcafee | epolicy_orchestrator | 4.6.5 | |
| mcafee | epolicy_orchestrator_agent | 4.5 | |
| mcafee | epolicy_orchestrator_agent | 4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A6F94C-B342-411A-A9A5-F1A403306750",
"versionEndIncluding": "4.6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D84606C7-E033-4864-A527-C75F4B7A307E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4A1B55-452B-4D1F-908E-795197974F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A2CABB-0BCB-4266-BA58-9FC81E89555C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0080A5E-19E2-4BAA-BA80-1904A774CF8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3171A1A7-E1B6-4957-BABE-DC0997ACB27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9284BEB-25CF-4888-AFDD-0073080361BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator_agent:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22E09874-70BE-433D-9FB9-0F98C610C2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator_agent:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF254FD-F56A-4519-9557-D28396130649",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension (ePO) para McAfee Agent (MA) 4.5 a la 4.6, permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) core/showRegisteredTypeDetails.do y (2) EPOAGENTMETA/DisplayMSAPropsDetail.do. Vulnerabilidad distinta de CVE-2013-0140."
}
],
"id": "CVE-2013-4882",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-22T11:21:15.320",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028803"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-18 15:46
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | epolicy_orchestrator_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "072DFC11-61DB-4F31-B095-9E7AF6363A24",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el componente Framework Service en McAfee ePolicy Orchestrator agent 3.5.0.x y anteriores permite a atacantes remotos crear archivos de su elecci\u00f3n a trav\u00e9s de una secuencia .. (punto punto) en el directorio y nombre de archivo en una respuesta PropsResponse (PackageType)."
}
],
"id": "CVE-2006-3623",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-18T15:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21037"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016501"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060713.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27158"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440077/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18979"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2796"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060713.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440077/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-22 11:21
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | epolicy_orchestrator | * | |
| mcafee | epolicy_orchestrator | 4.6.0 | |
| mcafee | epolicy_orchestrator | 4.6.1 | |
| mcafee | epolicy_orchestrator | 4.6.2 | |
| mcafee | epolicy_orchestrator | 4.6.3 | |
| mcafee | epolicy_orchestrator | 4.6.4 | |
| mcafee | epolicy_orchestrator | 4.6.5 | |
| mcafee | epolicy_orchestrator_agent | 4.5 | |
| mcafee | epolicy_orchestrator_agent | 4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A6F94C-B342-411A-A9A5-F1A403306750",
"versionEndIncluding": "4.6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D84606C7-E033-4864-A527-C75F4B7A307E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4A1B55-452B-4D1F-908E-795197974F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A2CABB-0BCB-4266-BA58-9FC81E89555C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0080A5E-19E2-4BAA-BA80-1904A774CF8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3171A1A7-E1B6-4957-BABE-DC0997ACB27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9284BEB-25CF-4888-AFDD-0073080361BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator_agent:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22E09874-70BE-433D-9FB9-0F98C610C2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator_agent:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF254FD-F56A-4519-9557-D28396130649",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension para McAfee Agent (MA) 4.5 a la 4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del par\u00e1metro (1) instanceId a core/loadDisplayType.do; del par\u00e1metro (2) instanceId o (3) monitorUrl a console/createDashboardContainer.do; del par\u00e1metro uid a (4) ComputerMgmt/sysDetPanelBoolPie.do o (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, o del par\u00e1metro(8) ajaxMode a ComputerMgmt/sysDetPanelQry.do; o (9) uid, (10) orion.user.security.token, o del par\u00e1metro (11) ajaxMode a ComputerMgmt/sysDetPanelSummary.do."
}
],
"id": "CVE-2013-4883",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-22T11:21:15.450",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95187"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95188"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95189"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95190"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95191"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028803"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB78824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/527228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB78824"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}