SQL Injection Vulnerability in McAfee Data Loss Prevention Extension
CVE-2015-1616

Currently unrated

Key Information:

Vendor: Mcafee
Status: Data Loss Prevention Endpoint
Vendor: CVE Published:; 17 February 2015

Summary

A SQL injection vulnerability has been identified in the ePO extension of McAfee Data Loss Prevention Endpoint prior to version 9.3.400. This security flaw allows remote authenticated ePO users to manipulate the database and execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data and critical system functions. Organizations using affected versions are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 17, 2015