SQL Injection Vulnerabilities in McAfee ePolicy Orchestrator and McAfee Agent
CVE-2013-4882

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator; Epolicy Orchestrator Agent
Vendor: CVE Published:; 22 July 2013

Summary

Multiple SQL injection vulnerabilities have been identified in McAfee ePolicy Orchestrator versions up to 4.6.6 and its extension for McAfee Agent versions 4.5 and 4.6. These vulnerabilities allow remote authenticated users to potentially execute arbitrary SQL commands by manipulating the 'uid' parameter in various endpoints, specifically in core/showRegisteredTypeDetails.do and EPOAGENTMETA/DisplayMSAPropsDetail.do. Addressing these vulnerabilities is crucial for maintaining the integrity and security of affected systems.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/527228

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id/1028803

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 22, 2013
Vulnerability Reserved
Jul 21, 2013