
Test ID: 1.3.6.1.4.1.25623.1.0.803865
Category: Web application abuses
Title: McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-02 August13
Summary: This host is running McAfee ePolicy Orchestrator and is prone to multiple vulnerabilities.
Description:
Summary:
This host is running McAfee ePolicy Orchestrator and is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to improper sanitization of user-supplied input via:

- 'instanceId' parameter upon submission to the /core/loadDisplayType.do
script.

- 'instanceId', 'orion.user.security.token', and 'ajaxMode' parameters upon
submission to the /console/createDashboardContainer.do script.

- 'uid' parameter upon submission to the /core/showRegisteredTypeDetails.do
and /ComputerMgmt/sysDetPanelBoolPie.do scripts.

- 'uid', 'orion.user.security.token', and 'ajaxMode' parameters upon submission
to the /ComputerMgmt/sysDetPanelSummary.do and /ComputerMgmt/sysDetPanelQry.do
scripts.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary HTML
or script code in a user's browser session in the context of an affected
site and inject or manipulate SQL queries in the back-end database, allowing
for the manipulation or disclosure of arbitrary data.

Affected Software/OS:
McAfee ePolicy Orchestrator (ePO) version 4.6.6 and earlier

Solution:
Upgrade to McAfee ePolicy Orchestrator version 4.5.7 or higher.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-reference: BugTraq ID: 61421
BugTraq ID: 61422
Common Vulnerability Exposure (CVE) ID: CVE-2013-4882
Bugtraq: 20130712 Multiple vulnerabilities in McAfee ePO 4.6.6
http://www.securityfocus.com/archive/1/527228
http://www.securitytracker.com/id/1028803
Common Vulnerability Exposure (CVE) ID: CVE-2013-4883
http://osvdb.org/95187
http://osvdb.org/95188
http://osvdb.org/95189
http://osvdb.org/95190
http://osvdb.org/95191
Copyright: Copyright (C) 2013 Greenbone Networks GmbH
