Mcafee Epolicy Orchestrator — known CVE vulnerabilities
Every CVE whose affected-product data names Mcafee Epolicy Orchestrator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (86)
CVE-2016-8027 — CVSS 10.0 (critical): SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier…
CVE-2006-5156 — CVSS 10.0 (critical): Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute…
CVE-2002-0690 — CVSS 10.0 (critical): Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an…
CVE-2007-1498 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in…
CVE-2015-8765 — CVSS 8.3 (high): Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041…
CVE-2020-2604 — CVSS 8.1 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…
CVE-2023-5444 — CVSS 8.0 (high): A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to…
CVE-2013-0140 — CVSS 7.9 (high): SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows…
CVE-2006-5274 — CVSS 7.6 (high): Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA)…
CVE-2019-2602 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2003-0149 — CVSS 7.5 (high): Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary…
CVE-2003-0616 — CVSS 7.5 (high): Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary…
CVE-2004-0038 — CVSS 7.5 (high): McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain…
CVE-2020-13935 — CVSS 7.5 (high): The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to…
CVE-2021-23840 — CVSS 7.5 (high): Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input…
CVE-2021-30639 — CVSS 7.5 (high): A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to…
CVE-2021-3712 — CVSS 7.4 (high): ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a…
CVE-2017-3980 — CVSS 7.2 (high): A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows…
CVE-2003-0148 — CVSS 7.2 (high): The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of…
CVE-2020-9484 — CVSS 7.0 (high): When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is…
CVE-2019-3619 — CVSS 6.8 (medium): Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4…
CVE-2019-2949 — CVSS 6.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are…
CVE-2013-4882 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for…
CVE-2021-23890 — CVSS 6.5 (medium): Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated…
CVE-2022-0859 — CVSS 6.5 (medium): McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL…
CVE-2021-23888 — CVSS 6.3 (medium): Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an…
CVE-2014-2205 — CVSS 6.3 (medium): The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with…
CVE-2018-6660 — CVSS 6.2 (medium): Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows…
CVE-2017-3936 — CVSS 6.2 (medium): OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows…
CVE-2021-2161 — CVSS 5.9 (medium): Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)…
CVE-2015-2859 — CVSS 5.8 (medium): Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority…
CVE-2018-6672 — CVSS 5.7 (medium): Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated…
CVE-2008-1357 — CVSS 5.4 (medium): Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and…
CVE-2017-3902 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows…
CVE-2021-31834 — CVSS 5.4 (medium): Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject…
CVE-2022-0842 — CVSS 5.4 (medium): A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated…
CVE-2022-0857 — CVSS 5.4 (medium): A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a…
CVE-2022-3338 — CVSS 5.4 (medium): An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially…
CVE-2022-3339 — CVSS 5.4 (medium): A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially…
CVE-2023-3946 — CVSS 5.4 (medium): A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to…
CVE-2023-5445 — CVSS 5.4 (medium): An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL…
CVE-2021-33037 — CVSS 5.3 (medium): Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header…
CVE-2020-14621 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java…
CVE-2019-2762 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected…
CVE-2019-2769 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected…
CVE-2019-2745 — CVSS 5.1 (medium): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221…
CVE-2015-0922 — CVSS 5.0 (medium): McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations…
CVE-2003-0610 — CVSS 5.0 (medium): Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a…
CVE-2004-0095 — CVSS 5.0 (medium): McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute…
CVE-2020-2593 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are…
CVE-2021-31835 — CVSS 4.8 (medium): Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject…
CVE-2019-2975 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are…
CVE-2019-2816 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected…
CVE-2018-6671 — CVSS 4.7 (medium): Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote…
CVE-2020-7317 — CVSS 4.6 (medium): Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary…
CVE-2020-7318 — CVSS 4.6 (medium): Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary…
CVE-2013-4883 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee…
CVE-2022-0858 — CVSS 4.3 (medium): A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker…
CVE-2015-4559 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy…
CVE-2013-0141 — CVSS 4.3 (medium): Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to…
CVE-2020-14792 — CVSS 4.2 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are…
CVE-2015-0921 — CVSS 4.0 (medium): XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2…
CVE-2012-4594 — CVSS 4.0 (medium): McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain…
CVE-2019-2842 — CVSS 3.7 (low): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212…
CVE-2020-14578 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-14579 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-14581 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE…
CVE-2020-14782 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-2583 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…
CVE-2020-2590 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are…
CVE-2020-2654 — CVSS 3.7 (low): Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241…
CVE-2020-2754 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are…
CVE-2020-2755 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are…
CVE-2020-2756 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…
CVE-2020-2757 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…
CVE-2020-2773 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are…
CVE-2021-2432 — CVSS 3.7 (low): Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301…
CVE-2019-2894 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are…
CVE-2021-23889 — CVSS 3.5 (low): Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject…
CVE-2022-0861 — CVSS 3.5 (low): A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator…
CVE-2019-2933 — CVSS 3.1 (low): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2022-0862 — CVSS 3.1 (low): A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10…
CVE-2019-2766 — CVSS 3.1 (low): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected…