Vulnerability CVE-2022-0859


Published: 2022-03-23

Description:
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

Type:

CWE-522

(Insufficiently Protected Credentials)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mcafee -> Epolicy orchestrator 

 References:
https://kc.mcafee.com/corporate/index?page=content&id=SB10379

Copyright 2024, cxsecurity.com

 

Back to Top