SQL Injection in Mcafee Epolicy_orchestrator

CVE-2013-4882

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via…

Vulnerability class: SQL Injection

EPSS: 0.011 (78.4th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 4.6.0, 4.6.1, 4.6.2
Mcafee Epolicy_orchestrator_agent — versions 4.5, 4.6
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20130712 Multiple vulnerabilities in McAfee ePO 4.6.6 (mailing-list, x_refsource_BUGTRAQ)
1028803 (vdb-entry, x_refsource_SECTRACK)