CVE-2022-0842 — SQL Injection in LLC Mcafee Epolicy Orchestrator

CWE-89 — SQL Injection3 documents3 sources

Severity

4.9MEDIUMNVD

CNA5.4

EPSS

0.2%

top 63.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Epolicy Orchestrator Mcafee Epolicy Orchestrator

Timeline

PublishedMar 23

Latest updateMar 24

Description

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/epolicy_orchestrator< 5.10.0+1

▶CVEListV5mcafee_llc/mcafee_epolicy_orchestratorunspecified — 5.10 CU 13

🔴Vulnerability Details

GHSA

GHSA-gjcx-3wpq-4ph2: A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5↗2022-03-24

▶

CVEList

ePO blind SQL Injection vulnerability↗2022-03-23

▶