McAfee ePolicy Orchestrator Cloud update fixes multiple Cross-Site Request Forgery Vulnerabilities

Summary

Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user’s session via unspecified vectors

Credit:

The information has been provided by Ankur Parsai.

The original article can be found at: https://kc.mcafee.com/corporate/index?page=content&id=SB10268


Details

Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user’s session

Vulnerable Systems:

  • McAfee ePolicy Orchestrator (ePO)

CVE Information:
CVE-2019-3604

Disclosure Timeline:
Publish Date: 02/01/2019

Categories: News