CVE-2016-8027 — SQL Injection in Epolicy Orchestrator

CWE-89 — SQL Injection5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

16.2%

top 5.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator

Timeline

PublishedMar 14

Latest updateMay 14

Description

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages1 packages

▶NVDmcafee/epolicy_orchestrator5.1.0 — 5.1.3+1

🔴Vulnerability Details

GHSA

GHSA-6mc2-5j9g-7346: SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5↗2022-05-14

▶

CVEList

CVE-2016-8027: SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5↗2017-03-14

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight - McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability↗2017-02-02

▶

Talos

Vulnerability Spotlight - McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability↗2017-02-02

▶