CVE-2018-6671 MEDIUM

CVE-2018-6671: SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability

Vendor Mcafee
Product ePolicy Orchestrator (ePO)
Published June 15, 2018
Last update August 5, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.

Key dates

02Disclosure timeline

June 15, 2018 CVE published
August 5, 2024 Record updated