The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
2014-02-26T15:55:08.983
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.3 (MEDIUM)
AV:N/AC:M/Au:S/C:C/I:N/A:N
6.8
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mcafee | epolicy_orchestrator | ≤ 4.6.7 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.0 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.1 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.2 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.3 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.4 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.5 | Yes |
| Application | mcafee | epolicy_orchestrator | 4.6.6 | Yes |