CVE-2016-8025

Name of the Vulnerable Software and Affected Versions McAfee VirusScan Enterprise versions 2.0.3 and earlier

Description The issue allows remote authenticated users to obtain product information via a crafted HTTP request parameter due to a lack of protection against SQL injection attacks. This can enable a remote attacker to bypass access control rules using a specially formed HTTP request.

Recommendations For versions 2.0.3 and earlier, consider restricting access to the vulnerable HTTP request parameter until a patch is available. As a temporary workaround, avoid using the vulnerable parameter in the affected HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.