← Volver a CVEs
CVE-2022-1258
HIGH8.4
Descripcion
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
Detalles CVE
Puntuacion CVSS v3.18.4
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado4/14/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
mcafee:agent
Debilidades (CWE)
CWE-89CWE-89
Referencias
https://kc.mcafee.com/corporate/index?page=content&id=SB10382(trellixpsirt@trellix.com)
https://kc.mcafee.com/corporate/index?page=content&id=SB10382(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.