CVE-2021-23888 Vulnerability Details


CVE-2021-23888 Metadata Quick Info

CVE Published: 26/03/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: trellix | Vendor: McAfee,LLC | Product: McAfee ePolicy Orchestrator (ePO)
Status: PUBLISHED

CVE-2021-23888 Description

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.

Metrics

CVSS Version: 3.1 | Base Score: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): REQUIRED
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): LOW
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-601
CWE Name: CWE-601: URL Redirection to Untrusted Site (Open Redirect)
Source: McAfee,LLC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).