CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
28.4%
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
mcafee | epolicy_orchestrator | * | cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* |
mcafee | epolicy_orchestrator | 5.10.0 | cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:* |
[
{
"product": "McAfee ePolicy Orchestrator (ePO)",
"vendor": "McAfee,LLC",
"versions": [
{
"lessThan": "5.10 CU 13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
28.4%