CVE-2022-0858: 
McAfee ePolicy Orchestrator vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. The vulnerability, identified as CVE-2022-0858, was disclosed on March 4, 2022. This security flaw affects the McAfee Enterprise ePolicy Orchestrator (ePO) management platform (CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score indicating network-based attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), and changed scope (S:C), with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N). The CVSS v2 score is (AV:N/AC:M/Au:N/C:N/I:P/A:N) (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially obtain access to an ePO administrator's session. The impact is limited to altering some information in ePO due to the specific area of the User Interface where the vulnerability is present (CVE Mitre).

The vulnerability has been addressed in McAfee Enterprise ePolicy Orchestrator (ePO) version 5.10 Update 13. Users are advised to upgrade to this version or later to mitigate the risk (CVE Mitre).