PT-2022-11319 · McAfee · Data Loss Protection (DLP) ePO Extension
Published: 2022-01-24 · Updated: 2023-11-15 · CVE-2021-4088
CVSS v3.1: 8.4 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Data Loss Protection (DLP) ePO extension versions 11.6.401 through 11.7.100
Data Loss Protection (DLP) ePO extension versions 11.8.x prior to 11.8.100
Description
A SQL injection vulnerability in the DLP ePO extension allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database, potentially leading to remote code execution on the ePO server with privilege escalation.
Recommendations
For Data Loss Protection (DLP) ePO extension versions 11.6.401 through 11.7.100, update to version 11.7.101 or later.
For Data Loss Protection (DLP) ePO extension versions 11.8.x prior to 11.8.100, update to version 11.8.100 or later.
Fix
SQL injection
Affected Products
Data Loss Protection (DLP) ePO Extension