- MCAFEE DLP ENDPOINT TEXT EXTRACTOR HIGH CPU UPDATE
- MCAFEE DLP ENDPOINT TEXT EXTRACTOR HIGH CPU CODE
- MCAFEE DLP ENDPOINT TEXT EXTRACTOR HIGH CPU PASSWORD
allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
MCAFEE DLP ENDPOINT TEXT EXTRACTOR HIGH CPU UPDATE
This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.Ī blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.Ī reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link.
To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.Ī cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. The impact is limited to some access to confidential information and some ability to alter data. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.Ī XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled.
MCAFEE DLP ENDPOINT TEXT EXTRACTOR HIGH CPU PASSWORD
This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.Ī lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack.
MCAFEE DLP ENDPOINT TEXT EXTRACTOR HIGH CPU CODE
This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee. An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name.
0 kommentar(er)
