RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's (ePO) dashboard feature. Users with the ability to create new dashboards in the ePO web interface who exploit this vulnerability can read local files on the ePO server, including sensitive data like the ePO database configuration. Versions 4.6.7 and below are affected.
f7760236a00eacc72f537370300bd2e7c27f9ec542d2cb4813cf607dd4d9f889