CVE-2015-4559: XSS
First published: Mon Jun 15 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trellix ePolicy Orchestrator | <=5.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-4559?
CVE-2015-4559 is classified as a Medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2015-4559?
To fix CVE-2015-4559, upgrade your Intel McAfee ePolicy Orchestrator to version 5.1.2 or later.
What applications are affected by CVE-2015-4559?
CVE-2015-4559 affects Intel McAfee ePolicy Orchestrator versions prior to 5.1.2, including 5.1.1 and earlier.
Can CVE-2015-4559 be exploited remotely?
Yes, CVE-2015-4559 can be exploited remotely by attackers through unspecified vectors that allow them to inject web scripts or HTML.
What type of attack does CVE-2015-4559 enable?
CVE-2015-4559 enables cross-site scripting (XSS) attacks, which can lead to the execution of malicious scripts in a user's browser.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/5.1.1