CVE-2016-8027

10CRITICAL

Key Information:

Vendor
Mcafee
Status
Mcafee Epolicy Orchestrator (epo) 5.3.2 And Earlier And 5.1.3 And Earlier
Vendor
CVE Published:
14 March 2017

Summary

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

Affected Version(s)

McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier

References

http://www.securitytracker.com/id/1037777
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/95981
vdb-entryx_refsource_BID
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.