Insecure Permissions in Network Associates ePolicy Orchestrator Agent 3.5.0 (Patch 3) Web Server

Insecure Permissions in Network Associates ePolicy Orchestrator Agent 3.5.0 (Patch 3) Web Server

CVE-2005-2554 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

Learn more about our Web App Pen Testing.