Two vulnerabilities in McAfee ePolicy Orchestrator May 2013

by butsch 6. May 2013 14:38

Two vulnerabilities in McAfee ePolicy Orchestrator (ePO) have been discovered and resolved.

Affected Product Versions

· ePO 4.5 (RTW) to ePO 4.5.6
· ePO 4.6 (RTW) to ePO 4.6.5

Protected Versions

These products are NOT affected:

· ePO 4.5.7 (or later)
· ePO 4.6.6 (or later)
· ePO 5.0 (or later)

Impact

· VESVM-2013-001 (CVSS: 6.2; Severity: High) is a server-side pre-authenticated SQL Injection within the Agent-Handler component (Agent-Server communication channel) that, if exploited, can lead to remote code execution (RCE).

· VESVM-2013-002 (CVSS: 3.4; Severity: Low) is a server-side pre-authenticated directory path traversal within a file upload process that, if exploited, can lead to an arbitrary file upload under the ePO installation folder.

Recommendation

McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes.

For full instructions and information, see McAfee KnowledgeBase article SB10042, "McAfee Security Bulletin - ePO update fixes two vulnerabilities reported by Verizon" (https://kc.mcafee.com/corporate/index?page=content&id=SB10042).

Tags:

Mcafee ENS, EPO, DLP, TIE, ATD, VSE, MSME
