Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0140 — SQL Injection in Epolicy Orchestrator

CWE-89 — SQL Injection4 documents4 sources

Severity

7.9HIGHNVD

EPSS

3.8%

top 11.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Epolicy Orchestrator

Timeline

PublishedMay 1

Latest updateMay 5

Description

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages1 packages

▶NVDmcafee/epolicy_orchestrator4.5.6+18

🔴Vulnerability Details

GHSA

GHSA-qwj4-q777-wg6h: SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4↗2022-05-05

▶

CVEList

CVE-2013-0140: SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4↗2013-05-01

▶

💥Exploits & PoCs

Exploit-DB

McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities↗2014-04-28

▶