SQL Injection Vulnerabilities in McAfee ePolicy Orchestrator and McAfee Agent
CVE-2013-4882

Currently unrated

Key Information:

Vendor

Mcafee
Status
Epolicy Orchestrator
Epolicy Orchestrator Agent
Vendor
CVE Published:
22 July 2013

What is CVE-2013-4882?

Multiple SQL injection vulnerabilities have been identified in McAfee ePolicy Orchestrator versions up to 4.6.6 and its extension for McAfee Agent versions 4.5 and 4.6. These vulnerabilities allow remote authenticated users to potentially execute arbitrary SQL commands by manipulating the 'uid' parameter in various endpoints, specifically in core/showRegisteredTypeDetails.do and EPOAGENTMETA/DisplayMSAPropsDetail.do. Addressing these vulnerabilities is crucial for maintaining the integrity and security of affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/527228
mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id/1028803
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.