Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803865 |
Kategorie: | Web application abuses |
Titel: | McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-02 August13 |
Zusammenfassung: | This host is running McAfee ePolicy Orchestrator and is prone to multiple;vulnerabilities. |
Beschreibung: | Summary: This host is running McAfee ePolicy Orchestrator and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to improper sanitation of user supplied input via: - 'instanceId' parameter upon submission to the /core/loadDisplayType.do script. - 'instanceId', 'orion.user.security.token', and 'ajaxMode' parameters upon submission to the /console/createDashboardContainer.do script. - 'uid' parameter upon submission to the /core/showRegisteredTypeDetails.do and /ComputerMgmt/sysDetPanelBoolPie.do scripts. - 'uid', 'orion.user.security.token', and 'ajaxMode' parameters upon submission to the /ComputerMgmt/sysDetPanelSummary.do and /ComputerMgmt/sysDetPanelQry.do scripts. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: McAfee ePolicy Orchestrator (ePO) version 4.6.6 and earlier Solution: Upgrade to McAfee ePolicy Orchestrator version 4.5.7 or higher. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 61421 BugTraq ID: 61422 Common Vulnerability Exposure (CVE) ID: CVE-2013-4882 Bugtraq: 20130712 Multiple vulnerabilities in McAfee ePO 4.6.6 (Google Search) http://www.securityfocus.com/archive/1/527228 http://www.securitytracker.com/id/1028803 Common Vulnerability Exposure (CVE) ID: CVE-2013-4883 http://osvdb.org/95187 http://osvdb.org/95188 http://osvdb.org/95189 http://osvdb.org/95190 http://osvdb.org/95191 |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |