McAfee Epolicy Orchestrator (McAfee Epo) is a U.S. based solution for managing endpoint, network, data security, and compliance. a SQL injection vulnerability exists in versions of McAfee Enterprise ePolicy Orchestrator prior to 5.10 Update 13. The vulnerability stems from the applicationβs lack of validation of externally entered SQL statements. An attacker could exploit this vulnerability to obtain information from the ePO database.