Rewterz Threat Advisory – Multiple VMware Carbon Black App Control Vulnerability
March 24, 2022Rewterz Threat Advisory – CVE-2022-25766 – Node.js ungit module Vulnerability
March 24, 2022Rewterz Threat Advisory – Multiple VMware Carbon Black App Control Vulnerability
March 24, 2022Rewterz Threat Advisory – CVE-2022-25766 – Node.js ungit module Vulnerability
March 24, 2022Severity
Medium
Analysis Summary
CVE-2022-0842
McAfee ePolicy Orchestrator is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2022-0857
McAfee ePolicy Orchestrator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-0858
McAfee ePolicy Orchestrator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the User Interface. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-0861
McAfee ePolicy Orchestrator could allow a remote authenticated attacker to obtain sensitive information, caused by an XML Extended entity in the extension import functionality. By using a specially-crafted XML file, a remote attacker could exploit this vulnerability to obtain sensitive information and the ability to alter data.
CVE-2022-0862
McAfee ePolicy Orchestrator could allow a remote authenticated attacker to bypass security restrictions, caused by lack of password change protection vulnerability in a depreciated API. An attacker could exploit this vulnerability to change the password of a compromised session without knowing the user’s password.
Impact
- SQL Injection
- Data Manipulation
- Cross-Site Scripting
- Information Disclosure
- Security Bypass
Indicator Of Compromise
CVE
- CVE-2022-0857
- CVE-2022-0858
- CVE-2022-0859
- CVE-2022-0861
Affected Vendors
McAfee
Affected Products
- McAfee ePolicy Orchestrator 2.5.1
- McAfee ePolicy Orchestrator 2.0
- McAfee ePolicy Orchestrator 2.5
- McAfee ePolicy Orchestrator 3.0
Remediation
Refer to McAfee Security Bulletin for the patch, upgrade, or suggested workaround information.