Main Vulnerability Database SB2018062511

SB2018062511 - Information disclosure in McAfee ePolicy Orchestrator

Published: June 25, 2018

Security Bulletin ID SB2018062511

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2018-6672)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to memory leak. A remote attacker can view potentially sensitive information in plain text.

2) Improper access control (CVE-ID: CVE-2018-6671)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to improper access control. A remote attacker can send a specially crafted HTTP request to bypass localhost-only access controls for some functions and obtain arbitrary data.

Remediation

Install update from vendor's website.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10240