CVE-2022-0857 MEDIUM

CVE-2022-0857: ePO Reflected Cross-site scripting vulnerability

Vendor Mcafee,Llc

Product McAfee ePolicy Orchestrator (ePO)

Weakness CWE-79 · XSS

Published March 23, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.

Key dates

02Disclosure timeline

March 23, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0857 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-0857

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions