CVE-2021-31834

{"id": "CVE-2021-31834", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-10-22T11:15:07.837", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", "tags": ["Broken Link"], "source": "trellixpsirt@trellix.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting almacenado en McAfee ePolicy Orchestrator (ePO) versiones anteriores a la Actualizaci\u00f3n 5.10 11, permite a administradores de ePO inyectar scripts web o HTML arbitrarios por medio de varios par\u00e1metros en los que las entradas del administrador no se han saneado correctamente"}], "lastModified": "2024-11-21T06:06:19.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5", "versionEndExcluding": "5.10.0"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216"}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}