CVE-2022-3338
CVE-2022-3338 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale: an XML external entity (XXE) flaw in ePO prior to 5.10 Update 14 that can allow an unauthenticated remote attacker to trigger a Server Side Request Forgery attack via the Agent Handler API. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
An XML external entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing a carefully constructed XML file through the API.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| McAfee | ePolicy Orchestrator | < 5.10.0 |
| McAfee | ePolicy Orchestrator | 5.10.0 |
References
- https://kcm.trellix.com/corporate/index?page=content&id=SB10387 (Third Party Advisory)
Source: NVD / NIST
