CVE-2013-0141

Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.

Published: May 1, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-0141
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:A/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
mcafee / epolicy_orchestrator	2.5.1	2.5.1.x
mcafee / epolicy_orchestrator	4.5.4	4.5.4.x
mcafee / epolicy_orchestrator	3.0	3.0.x
mcafee / epolicy_orchestrator	-	4.5.6.x
mcafee / epolicy_orchestrator	3.0-sp2a	3.0-sp2a.x
mcafee / epolicy_orchestrator	2.5	2.5.x
mcafee / epolicy_orchestrator	4.5.0	4.5.0.x
mcafee / epolicy_orchestrator	4.0	4.0.x
mcafee / epolicy_orchestrator	2.5-sp1	2.5-sp1.x
mcafee / epolicy_orchestrator	3.6.0	3.6.0.x
mcafee / epolicy_orchestrator	4.5.5	4.5.5.x
mcafee / epolicy_orchestrator	3.5.0	3.5.0.x
mcafee / epolicy_orchestrator	2.0	2.0.x
mcafee / epolicy_orchestrator	4.5.3	4.5.3.x
mcafee / epolicy_orchestrator	3.6.1	3.6.1.x
mcafee / epolicy_orchestrator	4.6.0	4.6.0.x
mcafee / epolicy_orchestrator	4.6.5	4.6.5.x
mcafee / epolicy_orchestrator	4.6.3	4.6.3.x
mcafee / epolicy_orchestrator	4.6.2	4.6.2.x
mcafee / epolicy_orchestrator	4.6.4	4.6.4.x
mcafee / epolicy_orchestrator	4.6.1	4.6.1.x

Vulnerability Database

289,697

CVE-2013-0141