Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTrellixCVE-2022-0842
HistoryMar 23, 2022 - 2:15 p.m.

CVE-2022-0842

2022-03-2314:15:07
CWE-89
trellix
web.nvd.nist.gov
2271
cve-2022-0842
blind sql injection
vulnerability
mcafee
epo
database security

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.

Affected configurations

Nvd
Node
mcafeeepolicy_orchestratorRange<5.10.0
OR
mcafeeepolicy_orchestratorMatch5.10.0-
OR
mcafeeepolicy_orchestratorMatch5.10.0update_1
OR
mcafeeepolicy_orchestratorMatch5.10.0update_10
OR
mcafeeepolicy_orchestratorMatch5.10.0update_11
OR
mcafeeepolicy_orchestratorMatch5.10.0update_12
OR
mcafeeepolicy_orchestratorMatch5.10.0update_2
OR
mcafeeepolicy_orchestratorMatch5.10.0update_3
OR
mcafeeepolicy_orchestratorMatch5.10.0update_4
OR
mcafeeepolicy_orchestratorMatch5.10.0update_5
OR
mcafeeepolicy_orchestratorMatch5.10.0update_6
OR
mcafeeepolicy_orchestratorMatch5.10.0update_7
OR
mcafeeepolicy_orchestratorMatch5.10.0update_8
OR
mcafeeepolicy_orchestratorMatch5.10.0update_9
VendorProductVersionCPE
mcafeeepolicy_orchestrator*cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
mcafeeepolicy_orchestrator5.10.0cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
Rows per page:
1-10 of 141

CNA Affected

[
  {
    "product": "McAfee ePolicy Orchestrator (ePO)",
    "vendor": "McAfee,LLC",
    "versions": [
      {
        "lessThan": "5.10 CU 13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
cnvd 1
nessus 1
prion
prion
Sql injection
2022-03-23 14:15:00
cvelist
cvelist
CVE-2022-0842 ePO blind SQL Injection vulnerability
2022-03-23 14:10:13
nvd
nvd
CVE-2022-0842
2022-03-23 14:15:07
cnvd
cnvd
McAfee Enterprise ePolicy Orchestrator SQL Injection Vulnerability
2022-03-24 00:00:00
nessus
nessus
McAfee ePolicy Orchestrator Multiple Vulnerabilities (SB10379)
2022-03-30 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON
Related for CVE-2022-0842
prion1cvelist1nvd1cnvd1nessus1