PT-2022-13466 · McAfee · McAfee Enterprise ePolicy Orchestrator

Published 2022-03-23 · Updated 2023-11-15 · CVE-2022-0842

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

McAfee Enterprise ePolicy Orchestrator versions prior to 5.10 Update 13

Description

A blind SQL injection issue allows a remote authenticated attacker to potentially obtain information from the database, with the data obtained being dependent on the attacker's privileges. To obtain sensitive data, the attacker would require administrator privileges.

Recommendations

For versions prior to 5.10 Update 13, update to version 5.10 Update 13 or later to resolve the issue. As a temporary workaround, consider restricting access to the database and limiting user privileges to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-0842

Affected Products

McAfee Enterprise ePolicy Orchestrator