CVE-2018-6660 MEDIUM

CVE-2018-6660: SB10228 ePO Directory Traversal vulnerability

Vendor Mcafee
Product ePolicy Orchestrator (ePO)
Published April 2, 2018
Last update September 16, 2024

CVSS base score

6.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H

What the vulnerability does

01Description

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

Key dates

02Disclosure timeline

April 2, 2018 CVE published
September 16, 2024 Record updated