vulnerability

McAfee Endpoint Security Platform: CVE-2021-23881: Endpoint security for windows update fixes five vulnerabilities (SB10345)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	2021-02-10	2022-08-16	2022-08-16

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

2021-02-10

Added

2022-08-16

Modified

2022-08-16

Description

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.

Solution(s)

mcafee-endpoint-security-platform-upgrade-10-6-1-2286mcafee-endpoint-security-platform-upgrade-10-7-0-2421

References

CVE-2021-23881
https://attackerkb.com/topics/CVE-2021-23881
MCAFEE-SB10345

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today