CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
trellixCNA
5.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
mcafeeepolicy_orchestrator
𝑥
< 5.10.0
mcafeeepolicy_orchestrator
5.10.0
mcafeeepolicy_orchestrator
5.10.0:update_1
mcafeeepolicy_orchestrator
5.10.0:update_10
mcafeeepolicy_orchestrator
5.10.0:update_11
mcafeeepolicy_orchestrator
5.10.0:update_12
mcafeeepolicy_orchestrator
5.10.0:update_2
mcafeeepolicy_orchestrator
5.10.0:update_3
mcafeeepolicy_orchestrator
5.10.0:update_4
mcafeeepolicy_orchestrator
5.10.0:update_5
mcafeeepolicy_orchestrator
5.10.0:update_6
mcafeeepolicy_orchestrator
5.10.0:update_7
mcafeeepolicy_orchestrator
5.10.0:update_8
mcafeeepolicy_orchestrator
5.10.0:update_9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
https://kc.mcafee.com/corporate/index?page=content&id=SB10379