Vulnerability Description
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Epolicy Orchestrator | <= 4.6.7 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/57114Vendor Advisory
- http://www.securityfocus.com/archive/1/531255/100/0/threaded
- http://www.securityfocus.com/bid/65771
- https://kc.mcafee.com/corporate/index?page=content&id=SB10065Vendor Advisory
- https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txtExploit
- http://secunia.com/advisories/57114Vendor Advisory
- http://www.securityfocus.com/archive/1/531255/100/0/threaded
- http://www.securityfocus.com/bid/65771
- https://kc.mcafee.com/corporate/index?page=content&id=SB10065Vendor Advisory
- https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txtExploit
FAQ
What is CVE-2014-2205?
CVE-2014-2205 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importin...
How severe is CVE-2014-2205?
CVE-2014-2205 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2205?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Epolicy Orchestrator.