ePO blind SQL Injection vulnerability
CVE-2022-0842

5.4 MEDIUM

Key Information:

Vendor
McAfee, LLC
Status
McAfee ePolicy Orchestrator (ePO)
Vendor
CVE Published: 23 March 2022

Summary

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained depends on the attacker's privileges; to obtain sensitive data, the attacker would require administrator privileges.

Affected Version(s)

McAfee ePolicy Orchestrator (ePO) < 5.10 CU 13

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
