SQL Injection Vulnerability in McAfee Asset Manager 6.6
CVE-2014-2587

Currently unrated

Key Information:

Vendor: Mcafee
Status: Asset Manager
Vendor: CVE Published:; 24 March 2014

Summary

A SQL injection vulnerability exists in the ReportsAudit.jsp component of McAfee Asset Manager 6.6. This flaw enables remote authenticated users to manipulate SQL queries by injecting malicious SQL code through the username field in an audit report. This could potentially lead to unauthorized data access or alteration within the database, compromising the integrity of the application.

References

http://packetstormsecurity.com/files/125775/McAfee-Cloud-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/91929

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/66302

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 24, 2014
Vulnerability Reserved
Mar 23, 2014