CVE-2012-4594
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
22/08/2012
Last modified:
11/04/2025
Description
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* | 4.6.1 (including) | |
| cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page