Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
DTD中递归实体索引的不恰当限制(XML实体扩展)
Vulnerability Title
McAfee Endpoint Security 代码问题漏洞
Vulnerability Description
Mcafee McAfee Endpoint Security(ENS)是美国迈克菲(Mcafee)公司的一套提供智能协作和先进的威胁防御的框架。该框架支持对实时通信的整个威胁防御生命周期进行控制并进行可操作的威胁取证等。 McAfee Endpoint Security 存在代码问题漏洞,该漏洞源于McAfee端点安全(ENS)的XML实体扩展存在注入漏洞。攻击者可利用该漏洞允许本地用户通过仔细编辑EPDeploy.xml文件,然后执行安装过程,启动高CPU和内存消耗,导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A