Show plain JSON{"containers": {"cna": {"affected": [{"product": "ePolicy Orchestrator (ePO)", "vendor": "McAfee", "versions": [{"status": "affected", "version": "5.3.2"}, {"status": "affected", "version": "5.3.1"}, {"status": "affected", "version": "5.3.0"}, {"status": "affected", "version": "5.9.0"}]}], "datePublic": "2018-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-17T09:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"name": "103392", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103392"}, {"name": "1040884", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040884"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10228"}], "source": {"advisory": "SB10228", "discovery": "EXTERNAL"}, "title": "SB10228 ePO Directory Traversal vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2018-03-09T18:00:00.000Z", "ID": "CVE-2018-6660", "STATE": "PUBLIC", "TITLE": "SB10228 ePO Directory Traversal vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ePolicy Orchestrator (ePO)", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_name": "5.3.2", "version_value": "5.3.2"}, {"affected": "=", "version_affected": "=", "version_name": "5.3.1", "version_value": "5.3.1"}, {"affected": "=", "version_affected": "=", "version_name": "5.3.0", "version_value": "5.3.0"}, {"affected": "=", "version_affected": "=", "version_name": "5.9.0", "version_value": "5.9.0"}]}}]}, "vendor_name": "McAfee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal vulnerability"}]}]}, "references": {"reference_data": [{"name": "103392", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103392"}, {"name": "1040884", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040884"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10228", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10228"}]}, "source": {"advisory": "SB10228", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:10:11.322Z"}, "title": "CVE Program Container", "references": [{"name": "103392", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103392"}, {"name": "1040884", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040884"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10228"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2018-6660", "datePublished": "2018-04-02T13:00:00Z", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-09-16T22:40:52.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}