Description
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| McAfee | ePolicy Orchestrator (ePO) | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2018-18407 | Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: trellix
Published:
Updated: 2024-09-16T22:40:52.250Z
Reserved: 2018-02-06T00:00:00.000Z
Link: CVE-2018-6660
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-04-02T13:29:00.280
Modified: 2024-11-21T04:11:04.330
Link: CVE-2018-6660
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses