Posted by Brandon Perry on Jan 06

McAfee ePolicy Orchestrator Authenticated XXE and Credential Disclosure

Trial available here:

https://secure.mcafee.com/apps/downloads/free-evaluations/survey.aspx?mktg=ESD1172&cid=ESD1172&eval=A0C692FB-8E29-4D47-BBF1-43CAB5F10069&region=us

McAfee ePolicy Orchestrator suffers from an authenticated XXE
vulnerability, available to any authenticated user. The Server Task Log
option in the upper left menu is where the vulnerability…