PT-2017-9463 · Mcafee · Epolicy Orchestrator

Published

2017-03-14

Updated

2019-03-07

CVE-2016-8027

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel Security McAfee ePolicy Orchestrator (ePO) versions 5.3.2 and earlier Intel Security McAfee ePolicy Orchestrator (ePO) versions 5.1.3 and earlier

Description The issue allows attackers to alter a SQL query, potentially resulting in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.

Recommendations For versions 5.3.2 and earlier, update to a version later than 5.3.2 to resolve the issue. For versions 5.1.3 and earlier, update to a version later than 5.1.3 to resolve the issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2016-8027

Affected Products

Epolicy Orchestrator

PT-2017-9463 · Mcafee · Epolicy Orchestrator

CVE-2016-8027

Weakness Enumeration

Related Identifiers

Affected Products

References · 5