The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
Software | From | Fixed in |
---|---|---|
network_associates / epolicy_orchestrator_agent | 3.5.0_(patch_3) | 3.5.0_(patch_3).x |