CVE-2022-0858 Vulnerability Details

  /     /     /  

CVE-2022-0858 Metadata Quick Info

CVE Published: 23/03/2022 | CVE Updated: 02/08/2024 | CVE Year: 2022
Source: trellix | Vendor: McAfee,LLC | Product: McAfee ePolicy Orchestrator (ePO)
Status : PUBLISHED

---

CVE-2022-0858 Description

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator\'s session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.

Metrics

CVSS Version: 3.1 | Base Score: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79: Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting )
Source: McAfee,LLC

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).