mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
105 lines
3.7 KiB
JSON
105 lines
3.7 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@mcafee.com",
|
|
"ID": "CVE-2018-6671",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ePolicy Orchestrator (ePO)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"affected": "<",
|
|
"version_name": "5.3.0 through 5.3.3",
|
|
"version_value": "5.3.3 with hotfix EPO5xHF1229850"
|
|
},
|
|
{
|
|
"affected": "<",
|
|
"version_name": "5.9.0 through 5.9.1",
|
|
"version_value": "5.9.1 with hotfix EPO5xHF1229850"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "McAfee"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.7,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Application Protection Bypass vulnerability\n"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "104485",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/104485"
|
|
},
|
|
{
|
|
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10240",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10240"
|
|
},
|
|
{
|
|
"name": "46518",
|
|
"refsource": "EXPLOIT-DB",
|
|
"url": "https://www.exploit-db.com/exploits/46518/"
|
|
},
|
|
{
|
|
"name": "1041155",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1041155"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "SB10240",
|
|
"discovery": "INTERNAL"
|
|
}
|
|
} |