CVE-2021-23889 is a vulnerability in McAfee Epolicy Orchestrator
Published on March 26, 2021

McAfee ePO Cross-site Scripting vulnerability
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

NVD

Vulnerability Analysis

CVE-2021-23889 can be exploited with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Products Associated with CVE-2021-23889

Want to know whenever a new CVE is published for McAfee Epolicy Orchestrator? stack.watch will email you.

McAfee Epolicy Orchestrator

Affected Versions

McAfee,LLC McAfee ePolicy Orchestrator (ePO):

Version unspecified and below 5.10 CU 10 is affected.

Exploit Probability

EPSS

0.21%

Percentile

43.50%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-23889 is a vulnerability in McAfee Epolicy OrchestratorPublished on March 26, 2021

Vulnerability Analysis

Products Associated with CVE-2021-23889

Affected Versions

Exploit Probability

CVE-2021-23889 is a vulnerability in McAfee Epolicy Orchestrator
Published on March 26, 2021