CVE-2023-3946

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 26, 2023

Updated: Aug 3, 2023

CWE ID 79

Summary

CVE-2023-3946 is a reflected cross-site scripting (XSS) vulnerability affecting ePO versions prior to 5.10 SP1 Update 1. An attacker can exploit this issue by crafting a malicious link and convincing an authenticated ePO administrator to click on it. Successful exploitation grants the attacker limited access to the administrator's session, allowing potential access to sensitive information and the ability to alter some information in ePO.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

McAfee ePolicy Orchestrator

Affected Vendors

McAfee

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/Staie5F6
https://www.cve.org/CVERecord?id=CVE-2023-3946
https://nvd.nist.gov/vuln/detail/CVE-2023-3946

Back to Vulnerability Database