cancel
Showing results for 
Search instead for 
Did you mean: 
fcastillo
Level 7

ePO Security advisory version mismatch

The security advistory SB10042 (https://kc.mcafee.com/corporate/index?page=content&id=SB10042) affects the next versions of ePO:

  • ePO 4.5 (RTW) to ePO 4.5.6
  • ePO 4.6 (RTW) to ePO 4.6.5

Furthermore in NIST appears more versions than the Official Security Bulletin:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0140    

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0141

* cpe:/a:mcafee:epolicy_orchestrator:4.5.0

* cpe:/a:mcafee:epolicy_orchestrator:4.0

* cpe:/a:mcafee:epolicy_orchestrator:3.6.1

* cpe:/a:mcafee:epolicy_orchestrator:3.6.0

* cpe:/a:mcafee:epolicy_orchestrator:3.5.0

...

Is NIST wrong?

0 Kudos
4 Replies
alexn
Level 14

Re: ePO Security advisory version mismatch

Hi,

There is no mismatch in these ePO versions except 4.0.x series ,3.6.x and 3.5.x series.All these versions are no more supported by McAfee.End of life for these versions has already been announced.

0 Kudos
fcastillo
Level 7

Re: ePO Security advisory version mismatch

So McAfee doesn't advise security vulns about end-of-life versions?

0 Kudos
ulyses31
Level 16

Re: ePO Security advisory version mismatch

I don't think so. When a product is EOL you still can find support at McAfee's but only for already existent issues and not for new one as these products are not developped or investigated anymore

0 Kudos
alexn
Level 14

Re: ePO Security advisory version mismatch

When a product is EOL you still can find support at McAfee's but only for already existent issues and not for new one as these products are not developped or investigated anymore


Exactely!!!!:Smiley Happy

0 Kudos