What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2021-31834.

What is the severity of CVE-2021-31834?

The severity of CVE-2021-31834 is medium with a CVSS score of 5.4.

What is the affected software for CVE-2021-31834?

The affected software for CVE-2021-31834 is McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11.

How can I fix CVE-2021-31834?

To fix CVE-2021-31834, users should update to McAfee ePolicy Orchestrator (ePO) version 5.10 Update 11 or later.

Vulnerability/
CVE-2021-31834

medium

5.4

CWE

22/10/2021

3/8/2024

CVE-2021-31834: McAfee ePO Cross-Site Scripting vulnerability

Q: How can the vulnerability be exploited?

The vulnerability can be exploited by ePO administrators injecting arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

First published: Fri Oct 22 2021(Updated: )

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Credit: psirt@mcafee.com trellixpsirt@trellix.com

Affected Software	Affected Version	How to fix
McAfee ePolicy Orchestrator	<5.10.0
McAfee ePolicy Orchestrator	=5.10.0
McAfee ePolicy Orchestrator	=5.10.0
McAfee ePolicy Orchestrator	=5.10.0-update_1
McAfee ePolicy Orchestrator	=5.10.0-update_10
McAfee ePolicy Orchestrator	=5.10.0-update_2
McAfee ePolicy Orchestrator	=5.10.0-update_3
McAfee ePolicy Orchestrator	=5.10.0-update_4
McAfee ePolicy Orchestrator	=5.10.0-update_5
McAfee ePolicy Orchestrator	=5.10.0-update_6
McAfee ePolicy Orchestrator	=5.10.0-update_7
McAfee ePolicy Orchestrator	=5.10.0-update_8
McAfee ePolicy Orchestrator	=5.10.0-update_9

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10366

Never miss a vulnerability like this again

Reference Links

https://kc.mcafee.com/corporate/index?page=content&id=SB10366

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2021-31834.
What is the severity of CVE-2021-31834?
The severity of CVE-2021-31834 is medium with a CVSS score of 5.4.
What is the affected software for CVE-2021-31834?
The affected software for CVE-2021-31834 is McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11.
How can the vulnerability be exploited?
The vulnerability can be exploited by ePO administrators injecting arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
How can I fix CVE-2021-31834?
To fix CVE-2021-31834, users should update to McAfee ePolicy Orchestrator (ePO) version 5.10 Update 11 or later.

collector/nvd-index
collector/nvd-api
agent/author
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/title
agent/weakness
agent/severity
agent/references
agent/last-modified-date
agent/tags
agent/type
agent/description
agent/first-publish-date
agent/event
vendor/mcafee
canonical/mcafee epolicy orchestrator
version/mcafee epolicy orchestrator/5.10.0
version/mcafee epolicy orchestrator/5.10.0-update_1
version/mcafee epolicy orchestrator/5.10.0-update_10
version/mcafee epolicy orchestrator/5.10.0-update_2
version/mcafee epolicy orchestrator/5.10.0-update_3
version/mcafee epolicy orchestrator/5.10.0-update_4
version/mcafee epolicy orchestrator/5.10.0-update_5
version/mcafee epolicy orchestrator/5.10.0-update_6
version/mcafee epolicy orchestrator/5.10.0-update_7
version/mcafee epolicy orchestrator/5.10.0-update_8
version/mcafee epolicy orchestrator/5.10.0-update_9

CVE-2021-31834: McAfee ePO Cross-Site Scripting vulnerability

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?

What is the severity of CVE-2021-31834?

What is the affected software for CVE-2021-31834?

How can the vulnerability be exploited?

How can I fix CVE-2021-31834?

Company

Resources

Contact