ePO database restoration vulnerability
CVE-2022-0859

6.5MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Epolicy Orchestrator (epo)
Vendor: CVE Published:; 23 March 2022

Summary

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

Affected Version(s)

McAfee ePolicy Orchestrator (ePO) < 5.10 CU 13

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2022
Vulnerability Reserved
Mar 4, 2022