What is CVE-2013-0140?

CVE-2013-0140 is a vulnerability in Mcafee Epolicy_orchestrator, classified under SQL Injection. Published 2013-05-01.

Is CVE-2013-0140 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Mcafee Epolicy_orchestrator

CVE-2013-0140

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server commu…

Vulnerability class: SQL Injection

EPSS: 0.038 (88.3th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 2.0, 2.5, 2.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

funoverip/epowner

References

VU#209131 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
TA13-193A (x_refsource_CERT, third-party-advisory)
59500 (vdb-entry, x_refsource_BID)
20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) Ã¢â¬â Release (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2013-0140?: CVE-2013-0140 is a vulnerability in Mcafee Epolicy_orchestrator, classified under SQL Injection. Published 2013-05-01.
Is CVE-2013-0140 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.