Vulnerability CVE-2018-6670

Vulnerability CVE-2018-6670

Published: 2018-06-07

Description:

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4/10	2.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Mcafee -> Common catalog

References:

https://kc.mcafee.com/corporate/index?page=content&id=SB10236

Copyright 2024, cxsecurity.com