Vulnerability Details : CVE-2022-3339

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

Vulnerability category: Cross site scripting (XSS)

Published 2022-10-18 10:15:11

Updated 2022-10-20 12:39:56

Source Trellix

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-3339

Probability of exploitation activity in the next 30 days: 0.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 45 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-3339

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	2.8	2.5	trellixpsirt@trellix.com
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2022-3339

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- nvd@nist.gov (Primary)
- trellixpsirt@trellix.com (Secondary)

References for CVE-2022-3339

https://kcm.trellix.com/corporate/index?page=content&id=SB10387

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-3339

Mcafee » Epolicy Orchestrator
Versions before (<) 5.10.0
cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 2
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 3
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 4
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 5
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 6
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 7
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 8
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 9
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 10
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 11
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 12
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 13
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_13:*:*:*:*:*:*
Matching versions