CVE-2022-0857: ePO Reflected Cross-site scripting vulnerability
First published: Wed Mar 23 2022(Updated: )
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee ePolicy Orchestrator | <5.10.0 | |
| McAfee ePolicy Orchestrator | =5.10.0 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_10 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_11 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_12 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_7 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_8 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-0857?
CVE-2022-0857 is a reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13.
How does CVE-2022-0857 impact McAfee ePolicy Orchestrator?
CVE-2022-0857 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing them to click on a carefully crafted link.
What is the severity of CVE-2022-0857?
CVE-2022-0857 has a severity rating of 6.1 (medium).
How can I fix CVE-2022-0857?
To fix CVE-2022-0857, update McAfee ePolicy Orchestrator to version 5.10 Update 13 or later.
Where can I find more information about CVE-2022-0857?
You can find more information about CVE-2022-0857 on the McAfee Knowledge Center: https://kc.mcafee.com/corporate/index?page=content&id=SB10379
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/5.10.0
- version/mcafee epolicy orchestrator/5.10.0-update_1
- version/mcafee epolicy orchestrator/5.10.0-update_10
- version/mcafee epolicy orchestrator/5.10.0-update_11
- version/mcafee epolicy orchestrator/5.10.0-update_12
- version/mcafee epolicy orchestrator/5.10.0-update_2
- version/mcafee epolicy orchestrator/5.10.0-update_3
- version/mcafee epolicy orchestrator/5.10.0-update_4
- version/mcafee epolicy orchestrator/5.10.0-update_5
- version/mcafee epolicy orchestrator/5.10.0-update_6
- version/mcafee epolicy orchestrator/5.10.0-update_7
- version/mcafee epolicy orchestrator/5.10.0-update_8
- version/mcafee epolicy orchestrator/5.10.0-update_9