Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1258

A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.

Published

2022-04-14T15:15:08.067

Last Modified

2024-11-21T06:40:21.523

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-89
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	agent	< 5.7.6	Yes

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10382 Broken Link ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10382 Broken Link (af854a3a-2127-422b-91ae-364da2661108)