Vulnerability Details CVE-2018-6660
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 6.2
CVSS v2 Score 4.0
References
Products affected by CVE-2018-6660
-
cpe:2.3:a:mcafee:epolicy_orchestrator:5.3.0
-
cpe:2.3:a:mcafee:epolicy_orchestrator:5.3.1
-
cpe:2.3:a:mcafee:epolicy_orchestrator:5.3.2
-
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0