CVE-2018-6660

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

Published: Apr 2, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-6660
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
mcafee / epolicy_orchestrator	5.3.0	5.3.0.x
mcafee / epolicy_orchestrator	5.3.1	5.3.1.x
mcafee / epolicy_orchestrator	5.3.2	5.3.2.x
mcafee / epolicy_orchestrator	5.9.0	5.9.0.x

http://www.securityfocus.com/bid/103392
http://www.securitytracker.com/id/1040884
https://kc.mcafee.com/corporate/index?page=content&id=SB10228

Vulnerability Database

289,697

CVE-2018-6660