CVE-2013-4882

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator; Epolicy Orchestrator Agent
Vendor: CVE Published:; 22 July 2013

Summary

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/527228

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id/1028803

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 22, 2013
Vulnerability Reserved
Jul 21, 2013