CVE-2013-4882

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mcafeeepolicy_orchestrator
𝑥
≤ 4.6.6
mcafeeepolicy_orchestrator
4.6.0
mcafeeepolicy_orchestrator
4.6.1
mcafeeepolicy_orchestrator
4.6.2
mcafeeepolicy_orchestrator
4.6.3
mcafeeepolicy_orchestrator
4.6.4
mcafeeepolicy_orchestrator
4.6.5
mcafeeepolicy_orchestrator_agent
4.5
mcafeeepolicy_orchestrator_agent
4.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/527228
http://www.securitytracker.com/id/1028803
https://kc.mcafee.com/corporate/index?page=content&id=SB10043
http://www.securityfocus.com/archive/1/527228
http://www.securitytracker.com/id/1028803
https://kc.mcafee.com/corporate/index?page=content&id=SB10043