| |
Vulnerability CVE-2022-0842
Published: 2022-03-23
| Description: |
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
